If you are a user of BitPay’s Copay desktop or mobile wallet apps you need to stop using them and pay attention.
Its new developer that goes by the name of Right9ctrl had poisoned the library with malicious code.
Right9ctrl released Event-Stream 3.3.6 which contained a new dependency –for the Flatmap-Stream library version 0.1.1. The Flatmap-Stream library v0.1.1 is where the malicious code resides.
The malicious code is made to stay silent until it’s called inside the source code of Copay, a desktop and mobile wallet app developed by Bitcoin payment platform BitPay.
Once the malicious code is activated inside of a version of the Copay wallet app, it will steal users’ wallet information, including private keys, and send it to the copayapi.host URL on port 8080.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
For now, it is unknown how the new variants of Bladabindi spread to the core, infecting systems.
The Copay developers say that all versions between 5.0.1 and 5.1.0 are affected, and users need to update to version 5.2.0 or later, immediately.
The infamous Event-Stream v3.3.6 has also been taken down from npmjs.com, but the Event-Stream library is still available.
Anyone who uses these two libraries is advised to update their dependency trees to the latest version available –Event-Stream version 4.0.1.
Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet always stay safe and secured.
We would continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.