Developer Infects NodeJS to Steal Bitcoin
Return To ArticleA widely used third-party NodeJS module with nearly 2 million downloads a week was compromised after one of its open-source contributor gone rogue, who infected it with a malicious code that was programmed to steal funds stored in Bitcoin wallet apps.
The Node.js library in question is “Event-Stream,” a toolkit that makes it easy for developers to create and work with streams, a collection of data in Node.js — just like arrays or strings.
The malicious code detected earlier this week was added to Event-Stream version 3.3.6, published on September 9 via NPM repository, and had since been downloaded by nearly 8 million application programmers.
