Warning: The "Mini Sandworm" worm has recently caused widespread infections in open-source code repositories. Developers should be vigilant and investigate. | PANews

Warning: The "Mini Sandworm" worm has recently caused widespread infections in open-source code repositories. Developers should be vigilant and investigate.

PANews reported on May 20th that crypto KOL @mubeitech issued a warning that an open-source base package being downloaded 1.1 million times per week has been flagged as known malware. Its supply chain security score has plummeted to zero. This is a code worm called "Mini Shai-Hulud," which recently completed a large-scale infection in open-source code repositories.

The list of victims consists entirely of frequently used components. Hundreds of packages in Alibaba's data visualization suite, antv, were injected with malicious code. Commonly used front-end tools such as echarts-for-react and timeago.js were also compromised. echarts-for-react alone saw 1.1 million installations per week. The cause was the compromise of a regular developer account. The account with the username atool was compromised. After taking control, the hacker inserted obfuscated malicious code into these low-level components. Just 19 minutes after the infected version 3.2.7 was released, all vulnerabilities were flagged as malicious in the vulnerability scan.

SlowMist's Chief Information Security Officer, 23pds, forwarded the post and wrote an article reminding developers to pay attention to the investigation.

Share to:

Author: PA一线

This content is for market information only and is not investment advice.

Follow PANews official accounts, navigate bull and bear markets together

PANews WeChat Group

Telegram Discussion Group

Telegram News Channel

Recommended Reading

PA一线

18 minutes ago

Zhao Changpeng issued a warning regarding the GitHub security incident: API keys in private repositories should be immediately reviewed and replaced.

PA一线

40 minutes ago

GitHub: Investigating unauthorized access to internal GitHub repositories

PA一线

45 minutes ago

Giant whale Loracle.h opened a new long position in LIT with 3x leverage, while its short position in HYPE suffered a floating loss of over $7 million.

PA一线

1 hour ago

A whale opened a short position in XYZ100 with 30x leverage, with a position value of $23.07 million.

PA一线

1 hour ago

Granafa: Investigations found that recent security incidents did not affect customers' production systems and operations.

PA一线

1 hour ago

Japan's ruling party has proposed using AI and blockchain technologies to develop financial infrastructure.

Related Topics

RWA: Will trillions of dollars in real-world assets become the next growth engine for the crypto market?

RWA, seen as the next growth engine for the crypto market, is heating up, with major institutions such as Binance and Goldman Sachs making moves in the face of trillions of dollars in funding.

98 articles

In-depth analysis of current trends and providing all-round insights. This special topic will collect in-depth reports on each track for readers to read.

154 articles

Pioneer's View: Interviews with Crypto Celebrities

Exclusive interviews with crypto celebrities, sharing unique observations and insights.

153 articles

Trending:BTC Ethereum Stablecoins Prediction Market Trump RWA USDT DeFi AI Federal Reserve Chairman

Popular Articles

IOSG: Crypto didn't die after its developer count was halved; it simply made way for AI talent.

The Warsh Storm is Coming

债市给了AI牛市一记闷棍

吴晓波频道

Bernstein's 97-page research report breaks down: In the battle for AI data center connectivity, who will be the real winner in 2026?

万亿级银行巨头调仓：狂买XRP，清仓Solana

Industry News

Market Trends

Curated Readings

PANews App

24/7 blockchain news tracking and in-depth analysis.

Download PANews App

App Store Google Play

Zhao Changpeng issued a warning regarding the GitHub security incident: API keys in private repositories should be immediately reviewed and replaced.

PANews Newsflash18 minutes ago