Web3 Security Stack Highlights Threat from Malicious NPM Package

TheNewsCryptoPublicado a 2026-03-10Actualizado a 2026-03-10

Resumen

Web3 Antivirus has identified a malicious NPM package disguised as an OpenClaw installer that deploys a Remote Access Trojan (RAT) targeting macOS users. The package, once installed, launches a fake CLI installer and prompts for the Keychain password. If provided, it steals sensitive data including seed phrases, browser credentials, wallet information, and SSH keys, sending them to the attacker’s server. Previously, Web3 Antivirus warned about legitimate Chrome extensions—QuickLens and ShotBird—that turned malicious after ownership transfers. These were used to inject malicious scripts and steal user data, including exchange session details and wallet credentials. Looking ahead to 2026, key Web3 security threats include smart contract exploits (due to logic errors and access control issues), phishing, social engineering, wallet drainers, and oracle manipulation. The primary goals of these attacks are data theft and fund draining.

Web3 Antivirus, or Web3 security stack, has highlighted a threat from a malicious NPM package. It earlier flagged a threat from a legitimate Chrome extension. Notably, smart contract exploits and phishing & social engineering are some of the top Web3 security threats to lookout for in 2026.

Web3 Security Issue Flagged

Web3 Antivirus has published a post on X to inform the community that a malicious NPM package was caught deploying a RAT. It was disguised as an OpenClaw installer with the primary objective of stealing macOS credentials. Web3 Antivirus has further briefed the community about how the act was being carried out.

The package launches a fake CLI installer after it is installed normally. Once launched, it seeks macOS Keychain password. It is recommended not to do so because once shared, the malware can extract several pieces of information. This includes seed phrases, browser credentials, crypto wallet data, and SSH & cloud keys.

All the pieces find their way to the attacker’s server. Web3, with this, is seeing different types of threats for users worldwide.

Previously Flagged Threat

Web3 Antivirus previously flagged a threat from a legitimate Chrome extension. It warned that it was turning malicious after the ownership was transferred. This allows attackers to inject codes into web pages and steal the data of a user. The update, according to Web3 security stack, removed security headers and fingerprints before pulling malicious scripts from a remote server.

For the crypto community, such an act can turn into a theft for exchange sessions, compromised wallets, browser credentials, and seed phrase phishing.

It has named two extensions: QuickLens and ShotBird, adding that they have 7,000 and 800 users, respectively.

Top Web3 Security Threats in 2026

Some of the top Web3 security threats in 2026 are smart contract exploits and phishing & social engineering. The former largely pertains to vulnerabilities in code. This refers to infusing logic errors, input validation issues, and access control failures.

The latter, as the name suggests, involves making fake calls or impersonating partners to attack users and developers – even founders on some occasions.

Others on the list are wallet drainers, private key manipulation, and price oracle manipulation. The end goal of malicious actors is to steal data and drain funds or negatively impact the system.

Some of the common vulnerabilities are access control failures, logic errors, and unsigned API queries.

Highlighted Crypto News Today:

Nasdaq Collaboration Targets Pan-European Tokenized Securities Trading and Settlement

Preguntas relacionadas

QWhat type of malicious software was the NPM package caught deploying, and what was its primary objective?

AThe malicious NPM package was caught deploying a RAT (Remote Access Trojan). Its primary objective was to steal macOS credentials.

QWhat specific user information can the malware extract after obtaining the macOS Keychain password?

AThe malware can extract seed phrases, browser credentials, crypto wallet data, and SSH & cloud keys.

QWhat previously flagged threat did Web3 Antivirus warn about involving a legitimate Chrome extension?

AWeb3 Antivirus warned about a legitimate Chrome extension that turned malicious after ownership was transferred, allowing attackers to inject code into web pages and steal user data.

QWhat are two of the top Web3 security threats highlighted for 2026?

ATwo of the top Web3 security threats for 2026 are smart contract exploits and phishing & social engineering.

QWhat are the names of the two malicious Chrome extensions mentioned, and how many users do they have respectively?

AThe two malicious Chrome extensions are named QuickLens and ShotBird, with 7,000 and 800 users respectively.

Lecturas Relacionadas

Historical Data Shows Bitcoin Price Has Never Breached This Level – Will It Start Now?

Historical data reveals a consistent pattern in Bitcoin's price action: after recovering 30% from a cycle low, it has never retested that bottom. This has held true across six major cycles since 2011. The current cycle, which saw a low near $61,300 in February, is approaching this critical threshold at approximately $79,694. Bitcoin has already up about 28% and needs just a 2.7% increase to breach this historically significant level. Supporting this bullish signal, exchange reserves have hit new lows, and large investors have accumulated the most BTC in a month since 2013.

bitcoinistHace 1 hora(s)

Historical Data Shows Bitcoin Price Has Never Breached This Level – Will It Start Now?

bitcoinistHace 1 hora(s)

Why Bitcoin Still Acts Like A Risk Asset Despite Safe-Haven Claims

Bitcoin possesses inherent qualities of a safe-haven asset, such as being portable and censorship-resistant. However, it continues to trade like a risk asset, correlating with indices like the NASDAQ during periods of uncertainty. Analysts attribute this to its lack of widespread acceptance by large capital pools, a process that may take another decade. Currently, Bitcoin is showing technical weakness with a bearish market structure shift and a rejection from a monthly fair value gap, suggesting a higher probability of a breakdown and a potential move lower. The broader downside thesis remains intact unless BTC breaks out of its current pattern with strength.

bitcoinistHace 1 hora(s)

Why Bitcoin Still Acts Like A Risk Asset Despite Safe-Haven Claims

bitcoinistHace 1 hora(s)

Eight Years of Entrepreneurship Notes from a16z's AI Partner

An early generative AI entrepreneur reflects on his 8-year journey building Rosebud AI, founded in 2018—a time when the field was still called “synthetic media.” Initially experimenting with models like CycleGAN and StyleGAN, he believed AI could make creation as intuitive as playing a game. Over the years, his team launched multiple products, including the viral app TokkingHeads, which gained 2 million users, learning to design around imperfect model outputs to deliver “good enough” user experiences. The evolution from niche synthetic media to general-purpose AI infrastructure—especially after GPT-4’s release—reshaped product possibilities. Code generation matured enough by 2023 to enable text-to-game prototyping. The author emphasizes that the real differentiator now isn’t just model capability but product design, distribution, and business model innovation. Having stepped down as CEO of Rosebud AI, he joins a16z as a partner focused on investing in the frontier model stack—models, infrastructure, and tools. He remains optimistic about AI-driven progress in creative tools, coding, and scientific domains. The piece concludes with a forward-looking note: the next phase of AI will be less about what’s possible and more about how capabilities are productized and scaled in the real world.

marsbitHace 3 hora(s)

Eight Years of Entrepreneurship Notes from a16z's AI Partner

marsbitHace 3 hora(s)

How Many Tokens Away Is Yang Zhilin from the 'Moon Chasing the Light'?

The article explores the intense competition between two leading Chinese AI companies, DeepSeek and Kimi (Moon Dark Side), and the mounting pressure on Yang Zhilin, the founder of Kimi. While DeepSeek re-emerged after 15 months of silence with its powerful V4 model—boasting 1.6 trillion parameters and low-cost, long-context capabilities—Kimi has been focusing on long-context processing and multi-agent systems with its K2.6 model. Yang faces a threefold challenge: technological rivalry, commercialization pressure, and investor expectations. Despite Kimi’s high valuation (reaching $18 billion), its revenue heavily relies on a single product with low paid conversion rates, while DeepSeek’s strategic silence and open-source influence have strengthened its market position and valuation prospects, now targeting over $20 billion. Both companies reflect broader trends in China’s AI ecosystem: Kimi aims for global influence through open-source contributions and agent-based advancements, while DeepSeek prioritizes foundational innovation and hardware independence, notably shifting to Huawei’s chips. Their competition is seen as vital for China’s AI progress, with the gap between top Chinese and U.S. models narrowing to just 2.7% on the Elo rating scale. Ultimately, the article argues that this rivalry, though anxiety-inducing for leaders like Zhilin, is essential for driving innovation and solidifying China’s role in the global AI landscape.

marsbitHace 4 hora(s)

How Many Tokens Away Is Yang Zhilin from the 'Moon Chasing the Light'?

marsbitHace 4 hora(s)

TechFlow Intelligence Bureau: ChatGPT Helps Amateur Mathematician Crack 60-Year-Old Problem, CFTC Sues New York Regulator Over Coinbase and Gemini

An amateur mathematician, with the assistance of ChatGPT, has solved a combinatorial mathematics puzzle originally proposed by Hungarian mathematician Paul Erdős in the 1960s. This marks another milestone in AI-aided mathematical research, demonstrating the evolving capabilities of large language models in formal reasoning. In other AI developments, OpenAI introduced a new privacy filter tool for enterprise API usage, automatically screening sensitive data. Meanwhile, the Qwen3.6-27B model achieved 100 tokens per second on a single RTX 5090 GPU using quantization, significantly lowering the cost barrier for local AI deployment. In crypto and Web3, the U.S. CFTC sued New York’s financial regulator, challenging its oversight of Coinbase and Gemini—a first-of-its-kind federal-state regulatory clash. Following a vulnerability, KelpDAO and major DeFi protocols established a recovery fund. Tether froze $344 million in assets linked to Iran’s central bank upon U.S. Treasury request, highlighting the centralized control risks in stablecoins. Separately, Litecoin underwent a 3-hour chain reorganization to undo a privacy-layer exploit. In the U.S., former President Trump invoked the Defense Production Act to address power grid bottlenecks affecting AI data centers and dismissed the entire National Science Board, raising concerns over research independence. A retail trader gained 250% on a $600k Intel options bet amid AI-related speculation. Xiaomi announced its first performance electric vehicle, targeting rivals like Tesla. Meanwhile, iPhone users reported devices automatically reinstalling a hidden app daily, suspected to be MDM-related. A Chinese securities report noted that A-share institutional crowding has reached its second-longest streak since 2007, signaling high valuations and potential style rotation. The day’s developments reflect a dual narrative: AI is enabling unprecedented individual breakthroughs, while centralized power structures—whether governmental or corporate—are becoming more assertive, underscoring that decentralization is as much a political-economic challenge as a technical one.

marsbitHace 4 hora(s)

TechFlow Intelligence Bureau: ChatGPT Helps Amateur Mathematician Crack 60-Year-Old Problem, CFTC Sues New York Regulator Over Coinbase and Gemini

marsbitHace 4 hora(s)

Trading

Spot

Futuros