All about the stealing of Cryptocurrency by a node module

Bhammarker Rahul
Published in Learn With Rahul, Nov 30, 2018


If the title doesn't surprise you, you are already aware of the security threat posed by a node module called event-stream. If it does, you read it right: someone is stealing your cryptocurrency using a node module package 😈

In this post, I will explain this threat in detail and answer some common questions: What exactly is it? Who is affected? How do you fix it? I will try to explain it so that people who have already heard about it learn more, and those who haven't heard about it at all learn exactly what happened and what they missed. So hold on tight for the next few minutes!

What is it?

An npm package called event-stream, which you probably didn't use directly but which was a dependency of some popular packages (e.g. nodemon, copay-dash), had malicious code in it. The package specifically targeted was copay-dash, a bitcoin wallet, which got infected and would try to steal cryptocurrencies. If you weren't mining/storing cryptocurrencies or using the copay-dash package as a dependency in a project on your machine, then you are fine anyway (you should still implement the fix mentioned below, though).
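Because event-stream usually arrives as a dependency of a dependency, the place to look for it is the lockfile rather than package.json. The following is an added example, not code from the original post: it traces every chain from the project root to a named package, assuming the npm lockfile layout with a `packages` map (lockfileVersion 2 or 3). The names `chainsTo`, `nameOf`, `sampleLock`, the intermediate package `some-helper` and all version strings are constructed for illustration.

```javascript
// Added example. Constructed sample lockfile: "some-helper" and every
// version string are made up; only the package names come from the post.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', devDependencies: { nodemon: '*' } },
    'node_modules/nodemon': { version: '0.0.0-sample', dependencies: { 'some-helper': '*' } },
    'node_modules/some-helper': { version: '0.0.0-sample', dependencies: { 'event-stream': '*' } },
    'node_modules/event-stream': { version: '0.0.0-sample' },
  },
};

const NM = 'node_modules/';

// "node_modules/a/node_modules/@s/b" -> "@s/b"; the "" key is the project itself.
function nameOf(path) {
  return path === '' ? '(root)' : path.slice(path.lastIndexOf(NM) + NM.length);
}

// Every dependency chain from the project root down to `target`.
// Simplification: packages are matched by name only, so several installed
// versions of one package are treated as a single node.
function chainsTo(lock, target) {
  const parents = new Map(); // package name -> names of packages that depend on it
  const versions = new Set(); // installed versions of `target`
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    const name = nameOf(path);
    if (name === target) versions.add(pkg.version);
    const deps = { ...pkg.dependencies, ...pkg.devDependencies, ...pkg.optionalDependencies };
    for (const dep of Object.keys(deps)) {
      if (!parents.has(dep)) parents.set(dep, new Set());
      parents.get(dep).add(name);
    }
  }
  const chains = [];
  const walk = (name, chain) => {
    if (name === '(root)') { chains.push(chain); return; }
    for (const p of parents.get(name) || []) {
      if (!chain.includes(p)) walk(p, [p, ...chain]); // ignore dependency cycles
    }
  };
  if (versions.size > 0) walk(target, [target]);
  return { versions: [...versions], chains, direct: chains.some((c) => c.length === 2) };
}

const report = chainsTo(sampleLock, 'event-stream');
for (const c of report.chains) console.log(c.join(' -> '));
console.log('declared directly by the project:', report.direct);
```

To run it on a real project, pass the parsed contents of its package-lock.json in place of `sampleLock`.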

Am I affected?
