Cybersecurity researchers identified the exploit in several npm software packages, including the pdf-to-office code bundle.
Users of the Atomic and Exodus wallets are being targeted by threat actors uploading malicious software packages to online coding repositories to steal crypto private keys in the latest cybersecurity threat identified by security professionals.
According to cybersecurity researchers at ReversingLabs, the exploit works by hiding malicious code in seemingly legitimate npm software packages, which are pre-built bundles of code widely used by software developers.
These malicious software packages target locally installed Atomic Wallet and Exodus Wallet files by installing a patch that overwrites the files to compromise the user interface and fool the unsuspecting victim into sending crypto to scam addresses.









