Warning: The "Mini Sandworm" worm has recently caused widespread infections in open-source code repositories. Developers should be vigilant and investigate. | PANews

Warning: The "Mini Sandworm" worm has recently caused widespread infections in open-source code repositories. Developers should be vigilant and investigate.

PANews reported on May 20th that crypto KOL @mubeitech issued a warning that an open-source base package being downloaded 1.1 million times per week has been flagged as known malware. Its supply chain security score has plummeted to zero. This is a code worm called "Mini Shai-Hulud," which recently completed a large-scale infection in open-source code repositories.

The list of victims consists entirely of frequently used components. Hundreds of packages in Alibaba's data visualization suite, antv, were injected with malicious code. Commonly used front-end tools such as echarts-for-react and timeago.js were also compromised. echarts-for-react alone saw 1.1 million installations per week. The cause was the compromise of a regular developer account. The account with the username atool was compromised. After taking control, the hacker inserted obfuscated malicious code into these low-level components. Just 19 minutes after the infected version 3.2.7 was released, all vulnerabilities were flagged as malicious in the vulnerability scan.

SlowMist's Chief Information Security Officer, 23pds, forwarded the post and wrote an article reminding developers to pay attention to the investigation.

Share to:

Author: PA一线

This content is for market information only and is not investment advice.

Follow PANews official accounts, navigate bull and bear markets together

PANews WeChat Group

Telegram Discussion Group

Telegram News Channel

Recommended Reading

PA一线

17 minutes ago

GitHub updates security incident investigation: An employee's device was compromised, involving a compromised VS Code extension.

PA一线

25 minutes ago

Bitcoin spot ETFs saw a total net outflow of $331 million yesterday, marking the third consecutive day of net outflows.

PA一线

37 minutes ago

OpenAI invests $234 million to establish a new AI lab in Singapore.

PA一线

51 minutes ago

Data: The total open interest of ETH futures contracts across the entire network increased by 2.07% in the past 24 hours, reaching a total of $31.649 billion.

PA一线

1 hour ago

Both wallets simultaneously opened long positions in PEPE with 10x leverage, totaling $3.37 million in position value.

PA一线

1 hour ago

Analysts: Approximately 60 whale addresses holding at least 10,000 ETH have liquidated their holdings in the past two months.

Related Topics

RWA: Will trillions of dollars in real-world assets become the next growth engine for the crypto market?

RWA, seen as the next growth engine for the crypto market, is heating up, with major institutions such as Binance and Goldman Sachs making moves in the face of trillions of dollars in funding.

98 articles

In-depth analysis of current trends and providing all-round insights. This special topic will collect in-depth reports on each track for readers to read.

154 articles

Pioneer's View: Interviews with Crypto Celebrities

Exclusive interviews with crypto celebrities, sharing unique observations and insights.

153 articles

Trending:BTC Ethereum Stablecoins Prediction Market Trump RWA USDT DeFi AI Federal Reserve Chairman

Popular Articles

IOSG: Crypto didn't die after its developer count was halved; it simply made way for AI talent.

债市给了AI牛市一记闷棍

吴晓波频道

The Warsh Storm is Coming

万亿级银行巨头调仓：狂买XRP，清仓Solana

Bernstein's 97-page research report breaks down: In the battle for AI data center connectivity, who will be the real winner in 2026?

Industry News

Market Trends

Curated Readings

PANews App

24/7 blockchain news tracking and in-depth analysis.

Download PANews App

App Store Google Play

GitHub updates security incident investigation: An employee's device was compromised, involving a compromised VS Code extension.

PANews Newsflash17 minutes ago