A JavaScript supply-chain attack infected over 400 software packages, 10 of them widely used in the crypto ecosystem. The malware, "Shai Hulud", spread autonomously from package to package, affecting Ethereum Name Service (ENS) and other crypto-related packages with high weekly downloads. The incident is part of a broader trend of supply-chain attacks, exemplified by previous NPM attacks and credential-stealing malware.
The affected packages include ENS-related ones such as content-hash, address-encoder, ensjs, and others with thousands of weekly downloads, as well as the non-ENS package crypto-addr-codec. Packages from the corporate automation platform Zapier, which also have significant weekly downloads, were compromised too, indicating the massive scope of the Shai Hulud attack. Researchers advise immediate investigation and remediation for any npm environment.
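As a starting point for that investigation, here is an added example (not from the article or the researchers it cites): a Node.js triage script that lists where the package names mentioned above appear in a parsed package-lock.json. Matching on the unscoped name and the sample lockfile are assumptions made here; a hit only shows the package is installed, and its version still has to be checked against the researchers' advisories.

```javascript
// Added example. Names are the ones given in the article; no versions are known from it.
const WATCHLIST = new Set(["content-hash", "address-encoder", "ensjs", "crypto-addr-codec"]);

// Strip an npm scope ("@scope/name" -> "name"); the article lists bare names only (assumption).
function bareName(name) {
  return name.startsWith("@") ? name.slice(name.indexOf("/") + 1) : name;
}

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function fromPackages(packages) {
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // "" is the root project itself
    const name = path.slice(idx + marker.length);
    if (WATCHLIST.has(bareName(name))) hits.push({ name, version: meta.version, path });
  }
  return hits;
}

// lockfileVersion 1: nested "dependencies" tree, walked recursively.
function fromDependencies(deps, trail = []) {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const here = [...trail, name];
    if (WATCHLIST.has(bareName(name))) {
      hits.push({ name, version: meta.version, path: here.join(" > ") });
    }
    hits.push(...fromDependencies(meta.dependencies, here));
  }
  return hits;
}

function findWatchlisted(lock) {
  return lock.packages ? fromPackages(lock.packages) : fromDependencies(lock.dependencies);
}

// Constructed sample lockfile (placeholder versions, not real data).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/content-hash": { version: "0.0.0-sample" },
    "node_modules/some-lib/node_modules/@example/address-encoder": { version: "0.0.0-sample" },
  },
};
console.log(findWatchlisted(SAMPLE_LOCK));
```

In practice, pass it `JSON.parse` of each project's package-lock.json; transitive installs are reported with the path that pulled them in.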
Read more at Cointelegraph: New NPM Supply-Chain Attack Compromises ENS and Crypto Code
