SlowMist: An npm worm virus spreads through projects such as TanStack, stealing encrypted wallets and cloud keys. | PANews

SlowMist: An npm worm virus spreads through projects such as TanStack, stealing encrypted wallets and cloud keys.

PANews reported on May 12th that, according to SlowMist monitoring, a highly sophisticated npm worm named "Mini Shai-Hulud" is spreading through trusted developer projects such as TanStack, UiPath, and DraftLab. Attackers hijack GitHub credentials and release seemingly legitimate malicious package updates. This malware injects a stealthy `router_init.js` script, running silently in the CI/CD environment, specifically designed to steal sensitive data such as CI/CD keys, cloud infrastructure keys, and cryptocurrency wallets, and then uses the GitHub infrastructure to leak this data. SlowMist recommends that users audit their CI/CD pipelines for the `router_init.js` file, rotate all exposed credentials, and closely monitor their development environments.

Share to:

Author: PA一线

This content is for market information only and is not investment advice.

Follow PANews official accounts, navigate bull and bear markets together

PANews WeChat Group

Telegram Discussion Group

Telegram News Channel

Recommended Reading

PA一线

22 minutes ago

TRON's total transaction volume surpasses 14 billion

PA一线

52 minutes ago

Bloomberg: AI hacking threat is pushing the $130 billion DeFi industry to the brink of risk.

168X

1 hour ago

Interview with former Goldman Sachs FICC executive: Semiconductor shortages benefit those who are catching up! Buy as many optical modules as you can!

PA一线

1 hour ago

PeckShield: THORChain attacked, resulting in approximately $10 million in asset losses.

PA一线

1 hour ago

THORChain suffered a suspected attack resulting in losses exceeding $7.4 million; trading on the protocol has been suspended.

PA日报

2 hours ago

PA Daily News | Fasset completes $51 million Series B funding round; Hana Financial Group acquires 6.55% stake in Upbit operator Dunamu for approximately 1 trillion won.

Related Topics

Pioneer's View: Interviews with Crypto Celebrities

Exclusive interviews with crypto celebrities, sharing unique observations and insights.

151 articles

Memecoin Supercycle: The Hype Frenzy Triggered by Attention Tokenization

From a humorous phenomenon to a multi-billion dollar industry, Memecoin has become an integral part of the crypto market. In this Memecoin supercycle, how can we seize the opportunities?

34 articles

Web3 beginners knowledge: How to get started with zero foundation?

Confused about blockchain, Bitcoin, and NFT? Don’t panic! From wallet registration to fraud prevention guide, we will show you the core concepts of Web3 and help you take the first step to get started.

136 articles

Trending:BTC Ethereum Stablecoins Prediction Market Trump RWA USDT DeFi AI Federal Reserve Chairman

Popular Articles

a16z, the biggest financial backer behind the US midterm elections

稳定币怎么买美股？五大平台深度横评

半导体世纪：2026 AI狂飙下的投资路线图

从Gas Limit到Keyed Nonces，如何理解以太坊可扩展性的下一站？

为何凯文·沃什是美联储主席的“天选之人”？未来六个月政策至关重要

Industry News

Market Trends

Curated Readings

PANews App

24/7 blockchain news tracking and in-depth analysis.

Download PANews App

App Store Google Play

Iranian Foreign Minister: Iran does not seek to develop nuclear weapons

PANews Newsflash16 minutes ago