There are some popular JavaScript backdoors that can steal your Bitcoins


If you are a user of BitPay’s Copay desktop or mobile wallet apps, you need to stop using them and pay attention.
A hacker has gained access to a popular JavaScript library and injected malicious code that steals Bitcoin and Bitcoin Cash funds stored inside BitPay’s Copay wallet apps.
The library loading the malicious code is named Event-Stream, which is a heavily obfuscated JavaScript npm package for working with Node.js streaming data.

The affected JavaScript library is a very popular one that has over two million weekly downloads on the npmjs.com repository.
Its new developer, who goes by the name Right9ctrl, poisoned the library with malicious code.

Right9ctrl released Event-Stream 3.3.6, which contained a new dependency on the Flatmap-Stream library, version 0.1.1. The Flatmap-Stream library v0.1.1 is where the malicious code resides.
The malicious code is made to stay silent until it’s called inside the source code of Copay, a desktop and mobile wallet app developed by Bitcoin payment platform BitPay.

Once the malicious code is activated inside of a version of the Copay wallet app, it will steal users’ wallet information, including private keys, and send it to the copayapi.host URL on port 8080.
Remember, everything can be hacked. To stay away from threats in the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS the device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.

The Copay developers say that all versions between 5.0.1 and 5.1.0 are affected, and users need to update to version 5.2.0 or later, immediately.
Maintainers of the npmjs.com JavaScript package repository have also intervened and taken down the Flatmap-Stream library from their site.
The infamous Event-Stream v3.3.6 has also been taken down from npmjs.com, but the Event-Stream library is still available.

Anyone who uses these two libraries is advised to update their dependency trees to the latest version available, Event-Stream version 4.0.1.
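
One way to check a project for the two releases named above, as an added example that is not from the original article or from npm: the function walks a parsed package-lock.json (the nested v1 layout and the flat v2/v3 layout) and reports Event-Stream 3.3.6 and Flatmap-Stream 0.1.1. The sample lockfiles and the package name `example-tool` are constructed.

```javascript
// Added example: flag the compromised releases named in this article.
const BAD = { 'event-stream': ['3.3.6'], 'flatmap-stream': ['0.1.1'] };
const NM = 'node_modules/';

function findCompromised(lock) {
  const hits = [];
  const check = (name, version, path) => {
    if (BAD[name] && BAD[name].includes(version)) hits.push({ name, version, path });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path) continue; // "" is the root project itself
    const i = path.lastIndexOf(NM);
    const name = meta.name || (i >= 0 ? path.slice(i + NM.length) : path);
    check(name, meta.version, path);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages"
  // exists, because v2 lockfiles list the same installs in both places).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta.version, trail.concat(name).join(' > '));
      walk(meta.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles; "example-tool" is a hypothetical package.
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'example-tool': { version: '1.0.0', dependencies: {
    'event-stream': { version: '3.3.6', dependencies: {
      'flatmap-stream': { version: '0.1.1' } } } } } } };
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/event-stream': { version: '4.0.1' },
  'node_modules/example-tool/node_modules/event-stream': { version: '3.3.6' } } };

// For a real project, pass JSON.parse() of the package-lock.json contents.
console.log(findCompromised(sampleV1));
console.log(findCompromised(sampleV3));
```

A patched copy at the top level does not clear a project: the second sample still reports the nested 3.3.6 install that sits beside Event-Stream 4.0.1.
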
This is not the first JavaScript/npm-related security issue that has taken place in the past years. In July this year, a hacker compromised the ESLint library with malicious code that was designed to steal the npm credentials of other developers.

In May 2018, a hacker hid a backdoor in another popular npm package named getcookies, and in August 2017, some JavaScript npm packages were caught stealing environment variables from other projects in an attempt to collect project-sensitive information, such as passwords or API keys.

Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet. Always stay safe and secure.
We will continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. Tests like this include penetration testing and ethical hacking.