Supply-chain attack: compromised dYdX npm and PyPI packages deliver wallet stealers and RAT
Researchers reported compromised dYdX client packages on npm and PyPI distributing wallet-stealing malware, including a RAT in the Python variant. It’s another reminder that package ecosystems are high-leverage targets.
Researchers reported a coordinated **software supply-chain compromise** affecting dYdX client packages on both npm and PyPI.
**Reported impact**
- npm package versions allegedly included wallet-stealing behavior.
- PyPI package allegedly included a wallet stealer plus a **remote access trojan (RAT)** that fetches and executes commands.
**Why it matters**

Package registries remain one of the highest-leverage attack surfaces: one compromised account can ripple across many downstream apps.
**What teams should do**
- Check lockfiles/SBOMs for affected versions.
- Isolate suspicious dev/build machines.
- Rotate credentials and wallets/keys from a clean environment.
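One way to carry out the first step (checking lockfiles and pins for affected versions), as an added example that is not from the original report or the dYdX project: the script below walks an npm `package-lock.json` (lockfile v1 nested `dependencies` as well as v2/v3 `packages` layouts) and pip-style `==` pins, normalises PyPI names per PEP 503 so spelling variants still match, and reports exact hits against an indicator list. The package names, versions, and sample inputs in `AFFECTED`, `SAMPLE_LOCK` and `SAMPLE_REQUIREMENTS` are placeholders I constructed; substitute the advisory's actual names and versions before use.

```python
"""Scan an npm lockfile and Python version pins for known-bad package versions.

Added example. The entries in AFFECTED are PLACEHOLDERS, not the real
indicators from the report; replace them with the advisory's list.
"""
import json
import re
from typing import Dict, Iterator, List, Set, Tuple

# Placeholder indicator list: (ecosystem, package name, exact version).
# Names and versions are made up for this example.
AFFECTED: Set[Tuple[str, str, str]] = {
    ("npm", "@example/dydx-client", "1.2.3-affected-placeholder"),
    ("pypi", "dydx-client-placeholder", "99.0.0"),
}


def normalize_pypi_name(name: str) -> str:
    """PEP 503 normalisation: 'DyDx_Client.Placeholder' == 'dydx-client-placeholder'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def iter_npm_lock(lock: Dict) -> Iterator[Tuple[str, str]]:
    """Yield (name, version) for every package recorded in a package-lock.json.

    lockfileVersion 2/3 keep a flat "packages" map keyed by node_modules path;
    lockfileVersion 1 keeps a nested "dependencies" tree. Both are handled.
    """
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project entry, not a dependency
            continue
        # Scoped names keep their "@scope/" prefix; nested paths take the last segment.
        name = meta.get("name") or path.split("node_modules/")[-1]
        if "version" in meta:
            yield name, meta["version"]

    def walk(deps: Dict) -> Iterator[Tuple[str, str]]:
        for name, meta in deps.items():
            if "version" in meta:
                yield name, meta["version"]
            yield from walk(meta.get("dependencies", {}))

    yield from walk(lock.get("dependencies", {}))


def iter_requirements(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (normalised name, version) from requirements.txt / pip freeze '==' pins."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;]+)", line)
        if m:
            yield normalize_pypi_name(m.group(1)), m.group(2)


def find_matches(lock: Dict, requirements: str) -> List[Tuple[str, str, str]]:
    """Return sorted (ecosystem, name, version) tuples that match AFFECTED exactly."""
    npm_bad = {(n, v) for eco, n, v in AFFECTED if eco == "npm"}
    pypi_bad = {(normalize_pypi_name(n), v) for eco, n, v in AFFECTED if eco == "pypi"}
    hits = set()
    for name, version in iter_npm_lock(lock):
        if (name, version) in npm_bad:
            hits.add(("npm", name, version))
    for name, version in iter_requirements(requirements):
        if (name, version) in pypi_bad:
            hits.add(("pypi", name, version))
    return sorted(hits)


# Constructed sample inputs (not real project files).
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "my-app", "version": "1.0.0"},
        "node_modules/@example/dydx-client": {"version": "1.2.3-affected-placeholder"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}
SAMPLE_REQUIREMENTS = """\
# constructed pip freeze output
requests==2.31.0
DyDx_Client.Placeholder==99.0.0   # odd spelling on purpose; normalisation handles it
numpy>=1.26
"""

if __name__ == "__main__":
    for eco, name, version in find_matches(SAMPLE_LOCK, SAMPLE_REQUIREMENTS):
        print(f"AFFECTED: {eco} {name}=={version}")
```

Against a real checkout, feed `find_matches` with `json.load(open("package-lock.json"))` and the output of `pip freeze`; components from a CycloneDX or SPDX SBOM can be reduced to the same `(name, version)` pairs and checked the same way. Exact-version matching is deliberate here: a range check would flag versions the advisory never named, while an exact list misses nothing that is on it.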
**Tags:** Cyber Security, Supply Chain, JavaScript, Python
Source: The Hacker News