Crypto Wallets Compromised by Malicious npm Package

Author: John Barger
Published: Fri 05 Sep 2025
Episode Link: https://youtu.be/JjuBlsoKi-s

In this episode of IT SPARC Cast – CVE of the Week, John and Lou dive into a stealthy supply chain attack involving a malicious npm package impersonating NodeMailer. This package—nodejs-smtp—was designed to exploit unsuspecting developers by mimicking legitimate behavior while secretly stealing funds from popular cryptocurrency wallets like Atomic Wallet and Exodus on Windows systems.


The attack was cleverly disguised, executed through Electron-based payloads, and capable of repackaging the victim’s wallet apps to reroute crypto transactions to attacker-controlled wallets. Even build and CI pipelines could miss the infection due to the module’s deceptive functionality. Although the package had only 347 downloads before removal, the attack remains a clear and present danger because of how easily it could be missed or reused.


John and Lou break down how this was discovered, how it works, why it’s dangerous, and what every developer and crypto user should do to protect themselves. They also reflect on how AI-assisted code review, registry controls, and isolated environments are now must-haves for any serious dev or security-conscious user.



🔗 Social Links (Wrap Up Section)


IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn


John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn


Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn


Hosted on Acast. See acast.com/privacy for more information.
