Two weeks after the IT management company JumpCloud announced that it had been the target of a supply chain attack directed at a select group of customers in the cryptocurrency industry, a ReversingLabs investigation has found evidence of additional malicious npm packages that have links to the same infrastructure and appear to target cryptocurrency providers.
Specifically, ReversingLabs discovered a number of additional npm packages connected to the same malicious activity. According to ReversingLabs Reverse Engineer Karlo Zanki, one of them, called btc-api-node, was published to npm on July 11 and is connected to a supply chain attack that the company Phylum first spotted on June 23 and that was mentioned as a potential prelude to the JumpCloud attack. Phylum has since published a new blog entry.