{"id":155013,"date":"2025-04-12T19:00:07","date_gmt":"2025-04-12T16:00:07","guid":{"rendered":"https:\/\/cryptodnes.bg\/en\/?p=155013"},"modified":"2025-04-12T01:49:25","modified_gmt":"2025-04-11T22:49:25","slug":"crypto-wallets-targeted-by-sophisticated-malware-campaign","status":"publish","type":"post","link":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/","title":{"rendered":"Crypto Wallets Targeted by Sophisticated Malware Campaign"},"content":{"rendered":"<p>This wave of cyberattacks uses a deceptive software supply chain to target popular Web3 wallets, including Atomic Wallet and Exodus, exploiting vulnerabilities in the npm package manager commonly used by JavaScript and Node.js developers.<\/p>\n<p>The attack centers around a malicious package, pdf-to-office, which masquerades as a tool for converting PDF documents into Microsoft Office formats. However, once downloaded and executed, the package quietly inserts harmful code into the victim\u2019s system, specifically altering locally installed versions of trusted crypto wallets like Atomic Wallet and Exodus.<\/p>\n<p>This code then enables attackers to secretly intercept and reroute cryptocurrency transactions to wallets they control, all while the victim remains unaware.<\/p>\n<style>\n    .dark-mode .read-more {background-color: #343a40 !important;}\n<\/style>\n<div class=\"read-more pb-3 pt-3 pt-md-2 px-3 my-4 border bg-light\">\n    <h5 class=\"text-uppercase border-bottom mb-3 pb-1 d-none d-md-block\">READ MORE:<\/h5>\n    <a class=\"article row\" href=\"https:\/\/cryptodnes.bg\/en\/experts-question-trumps-tariff-move-temporary-relief-or-deeper-uncertainty\/\" title=\"Experts Question Trump\u2019s Tariff Move: Temporary Relief or Deeper Uncertainty?\">\n        <div class=\"contentRight col-4\">\n            <span class=\"imgContainer mt-0\">\n                <img decoding=\"async\" class=\"image img-defer\" src=\"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2022\/07\/trump-2-e1682283615732-240x170.jpg\">\n            <\/span>\n        <\/div>\n        <div class=\"contentLeft col-8\">\n            <h4 class=\"title mb-0\">Experts Question Trump\u2019s Tariff Move: Temporary Relief or Deeper Uncertainty?<\/h4>           \n            \n        <\/div>        \n    <\/a>\n<\/div>\n<p>What makes this attack particularly insidious is its subtlety. Rather than attacking open-source repositories directly, the attackers target existing, legitimate software installations by modifying them locally. This technique is harder to detect and more difficult to counter than traditional supply chain attacks that affect upstream code.<\/p>\n<p>The malicious pdf-to-office package first appeared on npm in March 2025 and has been updated multiple times, with the latest version released in April. Using machine learning analysis, ReversingLabs researchers uncovered the malicious behavior, revealing that the package contained obfuscated JavaScript\u2014an unmistakable sign of a malware campaign.<\/p>\n<p>Even after users removed the malicious package, the damage persisted. The malicious patches remained in the Web3 wallet software, requiring victims to fully uninstall and reinstall their wallet applications to eliminate the trojan and restore security. This attack highlights the evolving nature of cyber threats in the crypto space, requiring heightened vigilance from both developers and users.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers are sounding the alarm after discovering a new and increasingly sophisticated attack targeting the crypto community.<\/p>\n","protected":false},"author":3,"featured_media":26700,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[26],"tags":[],"class_list":["post-155013","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocrime"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Crypto Wallets Targeted by Sophisticated Malware Campaign<\/title>\n<meta name=\"description\" content=\"Cybersecurity researchers are sounding the alarm after discovering a new and increasingly sophisticated attack targeting...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Crypto Wallets Targeted by Sophisticated Malware Campaign\" \/>\n<meta property=\"og:description\" content=\"Cybersecurity researchers are sounding the alarm after discovering a new and increasingly sophisticated attack targeting...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/\" \/>\n<meta property=\"og:site_name\" content=\"Cryptodnes EN\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-12T16:00:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2022\/07\/malware-fot-a.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1687\" \/>\n\t<meta property=\"og:image:height\" content=\"1126\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alexander Stefanov\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alexander Stefanov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/\"},\"author\":{\"name\":\"Alexander Stefanov\",\"@id\":\"https:\/\/cryptodnes.bg\/en\/#\/schema\/person\/121029bf2ce7d5bbdab7f447d5aeebb5\"},\"headline\":\"Crypto Wallets Targeted by Sophisticated Malware Campaign\",\"datePublished\":\"2025-04-12T16:00:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/\"},\"wordCount\":267,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/cryptodnes.bg\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2022\/07\/malware-fot-a.jpg\",\"articleSection\":[\"Crypto Crime\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#respond\"]}],\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\/\/cryptodnes.bg\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/\",\"url\":\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/\",\"name\":\"Crypto Wallets Targeted by Sophisticated Malware Campaign\",\"isPartOf\":{\"@id\":\"https:\/\/cryptodnes.bg\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2022\/07\/malware-fot-a.jpg\",\"datePublished\":\"2025-04-12T16:00:07+00:00\",\"description\":\"Cybersecurity researchers are sounding the alarm after discovering a new and increasingly sophisticated attack targeting...\",\"breadcrumb\":{\"@id\":\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#primaryimage\",\"url\":\"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2022\/07\/malware-fot-a.jpg\",\"contentUrl\":\"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2022\/07\/malware-fot-a.jpg\",\"width\":1687,\"height\":1126,\"caption\":\"malware\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cryptodnes.bg\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Crypto Wallets Targeted by Sophisticated Malware Campaign\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cryptodnes.bg\/en\/#website\",\"url\":\"https:\/\/cryptodnes.bg\/en\/\",\"name\":\"Cryptodnes EN\",\"description\":\"Crypto News, Bitcoin Analysis and More\",\"publisher\":{\"@id\":\"https:\/\/cryptodnes.bg\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cryptodnes.bg\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/cryptodnes.bg\/en\/#organization\",\"name\":\"Cryptodnes EN\",\"url\":\"https:\/\/cryptodnes.bg\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptodnes.bg\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2025\/04\/logo.svg\",\"contentUrl\":\"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2025\/04\/logo.svg\",\"caption\":\"Cryptodnes EN\"},\"image\":{\"@id\":\"https:\/\/cryptodnes.bg\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/cryptodnes.bg\/en\/#\/schema\/person\/121029bf2ce7d5bbdab7f447d5aeebb5\",\"name\":\"Alexander Stefanov\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptodnes.bg\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6dd8585c9881c74e639b0a3d0a889929?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6dd8585c9881c74e639b0a3d0a889929?s=96&d=mm&r=g\",\"caption\":\"Alexander Stefanov\"},\"url\":\"https:\/\/cryptodnes.bg\/en\/author\/alex100oo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Crypto Wallets Targeted by Sophisticated Malware Campaign","description":"Cybersecurity researchers are sounding the alarm after discovering a new and increasingly sophisticated attack targeting...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/","og_locale":"en_US","og_type":"article","og_title":"Crypto Wallets Targeted by Sophisticated Malware Campaign","og_description":"Cybersecurity researchers are sounding the alarm after discovering a new and increasingly sophisticated attack targeting...","og_url":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/","og_site_name":"Cryptodnes EN","article_published_time":"2025-04-12T16:00:07+00:00","og_image":[{"width":1687,"height":1126,"url":"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2022\/07\/malware-fot-a.jpg","type":"image\/jpeg"}],"author":"Alexander Stefanov","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alexander Stefanov","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#article","isPartOf":{"@id":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/"},"author":{"name":"Alexander Stefanov","@id":"https:\/\/cryptodnes.bg\/en\/#\/schema\/person\/121029bf2ce7d5bbdab7f447d5aeebb5"},"headline":"Crypto Wallets Targeted by Sophisticated Malware Campaign","datePublished":"2025-04-12T16:00:07+00:00","mainEntityOfPage":{"@id":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/"},"wordCount":267,"commentCount":0,"publisher":{"@id":"https:\/\/cryptodnes.bg\/en\/#organization"},"image":{"@id":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2022\/07\/malware-fot-a.jpg","articleSection":["Crypto Crime"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cryptodnes.bg\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/","url":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/","name":"Crypto Wallets Targeted by Sophisticated Malware Campaign","isPartOf":{"@id":"https:\/\/cryptodnes.bg\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#primaryimage"},"image":{"@id":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2022\/07\/malware-fot-a.jpg","datePublished":"2025-04-12T16:00:07+00:00","description":"Cybersecurity researchers are sounding the alarm after discovering a new and increasingly sophisticated attack targeting...","breadcrumb":{"@id":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#primaryimage","url":"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2022\/07\/malware-fot-a.jpg","contentUrl":"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2022\/07\/malware-fot-a.jpg","width":1687,"height":1126,"caption":"malware"},{"@type":"BreadcrumbList","@id":"https:\/\/cryptodnes.bg\/en\/crypto-wallets-targeted-by-sophisticated-malware-campaign\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cryptodnes.bg\/en\/"},{"@type":"ListItem","position":2,"name":"Crypto Wallets Targeted by Sophisticated Malware Campaign"}]},{"@type":"WebSite","@id":"https:\/\/cryptodnes.bg\/en\/#website","url":"https:\/\/cryptodnes.bg\/en\/","name":"Cryptodnes EN","description":"Crypto News, Bitcoin Analysis and More","publisher":{"@id":"https:\/\/cryptodnes.bg\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cryptodnes.bg\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cryptodnes.bg\/en\/#organization","name":"Cryptodnes EN","url":"https:\/\/cryptodnes.bg\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptodnes.bg\/en\/#\/schema\/logo\/image\/","url":"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2025\/04\/logo.svg","contentUrl":"https:\/\/cryptodnes.bg\/en\/wp-content\/uploads\/sites\/2\/2025\/04\/logo.svg","caption":"Cryptodnes EN"},"image":{"@id":"https:\/\/cryptodnes.bg\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/cryptodnes.bg\/en\/#\/schema\/person\/121029bf2ce7d5bbdab7f447d5aeebb5","name":"Alexander Stefanov","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptodnes.bg\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6dd8585c9881c74e639b0a3d0a889929?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6dd8585c9881c74e639b0a3d0a889929?s=96&d=mm&r=g","caption":"Alexander Stefanov"},"url":"https:\/\/cryptodnes.bg\/en\/author\/alex100oo\/"}]}},"modified_by":"Deyan Angelov","_links":{"self":[{"href":"https:\/\/cryptodnes.bg\/en\/wp-json\/wp\/v2\/posts\/155013","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptodnes.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptodnes.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptodnes.bg\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptodnes.bg\/en\/wp-json\/wp\/v2\/comments?post=155013"}],"version-history":[{"count":1,"href":"https:\/\/cryptodnes.bg\/en\/wp-json\/wp\/v2\/posts\/155013\/revisions"}],"predecessor-version":[{"id":155014,"href":"https:\/\/cryptodnes.bg\/en\/wp-json\/wp\/v2\/posts\/155013\/revisions\/155014"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptodnes.bg\/en\/wp-json\/wp\/v2\/media\/26700"}],"wp:attachment":[{"href":"https:\/\/cryptodnes.bg\/en\/wp-json\/wp\/v2\/media?parent=155013"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptodnes.bg\/en\/wp-json\/wp\/v2\/categories?post=155013"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptodnes.bg\/en\/wp-json\/wp\/v2\/tags?post=155013"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}