
SlowMist: Cross-platform supply chain attack targeting crypto developers detected, involving more than 34 malicious packages

2026-05-25 08:26

Odaily Planet Daily reported that, according to SlowMist, MistEye detected a cross-registry supply chain attack targeting developers. The attackers distributed malicious packages through npm, PyPI, and Crates.io. The campaign involves over 34 malicious packages and more than 384 related versions, and targets communities including crypto, DeFi, Solana, Sui/Move, and AI developers.

Potential attacker activities include stealing cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developer keys. Some payloads also attempted to achieve persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH.

SlowMist recommends immediately removing the affected packages, isolating the impacted systems, retaining logs, rotating exposed credentials, rebuilding CI runners and developer machines from clean images, and reviewing GitHub, cloud, SSH, and wallet activity.
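
The file-based persistence locations named above can be listed for manual review on a developer machine or CI runner. The following Python sketch is an added example, not SlowMist's tooling or part of the original report; the home-directory file names, the `audit` function and its `since_days` window are assumptions chosen for illustration.

```python
# Added example: default paths below are assumptions, not indicators from the report.
import time
from pathlib import Path

REPO_FILES = (".cursorrules", "CLAUDE.md")
HOME_FILES = (".bashrc", ".bash_profile", ".profile", ".zshrc",
              ".ssh/authorized_keys", ".ssh/config")

def _repo_paths(repo):
    """Yield (kind, path) for one Git working tree."""
    for name in REPO_FILES:
        yield "ai-rules", repo / name
    hooks = repo / ".git" / "hooks"
    if hooks.is_dir():
        for p in sorted(hooks.iterdir()):
            # Git's shipped templates end in .sample and are never run.
            if p.suffix != ".sample":
                yield "git-hook", p
    cfg = repo / ".git" / "config"
    # core.hooksPath makes Git run hooks from another directory.
    if cfg.is_file() and "hookspath" in cfg.read_text(errors="replace").lower():
        yield "git-hookspath", cfg

def _home_paths(home):
    """Yield (kind, path) for per-user startup, systemd and SSH files."""
    for name in HOME_FILES:
        kind = "ssh" if name.startswith(".ssh/") else "shell-hook"
        yield kind, home / name
    units = home / ".config" / "systemd" / "user"
    if units.is_dir():
        for p in sorted(units.rglob("*")):
            yield "systemd-user", p

def audit(home, repos, since_days=30, now=None):
    """Return (kind, path, recent) for every existing file, recent ones first."""
    cutoff = (now if now is not None else time.time()) - since_days * 86400
    found = list(_home_paths(Path(home)))
    for repo in repos:
        found.extend(_repo_paths(Path(repo)))
    rows = [(k, str(p), p.stat().st_mtime >= cutoff) for k, p in found if p.is_file()]
    # mtime can be forged, so older files are still listed, just ranked lower.
    return sorted(rows, key=lambda r: (not r[2], r[0], r[1]))

if __name__ == "__main__":
    for kind, path, recent in audit(Path.home(), [Path.cwd()]):
        print(f"{'RECENT' if recent else 'older '}  {kind:14} {path}")
```

The listing does not cover cron entries or system-wide systemd units, which need `crontab -l` and a review of the system unit directories.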