Rogue Developer Infects Widely Used NodeJS Module to Steal Bitcoins
(Nov 26, 2018)
Recommendation: As of this writing, officials from the open source project manager that hosted the Event-Stream library, Node Package Manager (NPM), have stated that the malicious library has been removed from its listings. The Bitcoin payment service provider, BitPay, has issued an advisory in which in warns all of its users to assume that their private keys have been compromised and to move fund to new wallets in updated version 5.2.0 as soon as possible.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.