Web3 Security Stack Highlights Threat from Malicious NPM Package

TheNewsCryptoPubblicato 2026-03-10Pubblicato ultima volta 2026-03-10

Introduzione

Web3 Antivirus has identified a malicious NPM package disguised as an OpenClaw installer that deploys a Remote Access Trojan (RAT) targeting macOS users. The package, once installed, launches a fake CLI installer and prompts for the Keychain password. If provided, it steals sensitive data including seed phrases, browser credentials, wallet information, and SSH keys, sending them to the attacker’s server. Previously, Web3 Antivirus warned about legitimate Chrome extensions—QuickLens and ShotBird—that turned malicious after ownership transfers. These were used to inject malicious scripts and steal user data, including exchange session details and wallet credentials. Looking ahead to 2026, key Web3 security threats include smart contract exploits (due to logic errors and access control issues), phishing, social engineering, wallet drainers, and oracle manipulation. The primary goals of these attacks are data theft and fund draining.

Web3 Antivirus, or Web3 security stack, has highlighted a threat from a malicious NPM package. It earlier flagged a threat from a legitimate Chrome extension. Notably, smart contract exploits and phishing & social engineering are some of the top Web3 security threats to lookout for in 2026.

Web3 Security Issue Flagged

Web3 Antivirus has published a post on X to inform the community that a malicious NPM package was caught deploying a RAT. It was disguised as an OpenClaw installer with the primary objective of stealing macOS credentials. Web3 Antivirus has further briefed the community about how the act was being carried out.

The package launches a fake CLI installer after it is installed normally. Once launched, it seeks macOS Keychain password. It is recommended not to do so because once shared, the malware can extract several pieces of information. This includes seed phrases, browser credentials, crypto wallet data, and SSH & cloud keys.

All the pieces find their way to the attacker’s server. Web3, with this, is seeing different types of threats for users worldwide.

Previously Flagged Threat

Web3 Antivirus previously flagged a threat from a legitimate Chrome extension. It warned that it was turning malicious after the ownership was transferred. This allows attackers to inject codes into web pages and steal the data of a user. The update, according to Web3 security stack, removed security headers and fingerprints before pulling malicious scripts from a remote server.

For the crypto community, such an act can turn into a theft for exchange sessions, compromised wallets, browser credentials, and seed phrase phishing.

It has named two extensions: QuickLens and ShotBird, adding that they have 7,000 and 800 users, respectively.

Top Web3 Security Threats in 2026

Some of the top Web3 security threats in 2026 are smart contract exploits and phishing & social engineering. The former largely pertains to vulnerabilities in code. This refers to infusing logic errors, input validation issues, and access control failures.

The latter, as the name suggests, involves making fake calls or impersonating partners to attack users and developers – even founders on some occasions.

Others on the list are wallet drainers, private key manipulation, and price oracle manipulation. The end goal of malicious actors is to steal data and drain funds or negatively impact the system.

Some of the common vulnerabilities are access control failures, logic errors, and unsigned API queries.

Highlighted Crypto News Today:

Nasdaq Collaboration Targets Pan-European Tokenized Securities Trading and Settlement

Domande pertinenti

QWhat type of malicious software was the NPM package caught deploying, and what was its primary objective?

AThe malicious NPM package was caught deploying a RAT (Remote Access Trojan). Its primary objective was to steal macOS credentials.

QWhat specific user information can the malware extract after obtaining the macOS Keychain password?

AThe malware can extract seed phrases, browser credentials, crypto wallet data, and SSH & cloud keys.

QWhat previously flagged threat did Web3 Antivirus warn about involving a legitimate Chrome extension?

AWeb3 Antivirus warned about a legitimate Chrome extension that turned malicious after ownership was transferred, allowing attackers to inject code into web pages and steal user data.

QWhat are two of the top Web3 security threats highlighted for 2026?

ATwo of the top Web3 security threats for 2026 are smart contract exploits and phishing & social engineering.

QWhat are the names of the two malicious Chrome extensions mentioned, and how many users do they have respectively?

AThe two malicious Chrome extensions are named QuickLens and ShotBird, with 7,000 and 800 users respectively.

Letture associate

OpenAI Launches Workflow Agent, GPTs Begin Countdown

OpenAI has launched Workspace Agents, an evolution of GPTs designed for teams. This new feature allows users to create reusable, shareable agents that automate repetitive workflows. Driven by Codex, these agents operate within their own workspace, can access files, call tools, and run continuously in the background. Users describe a workflow—such as collecting information, making judgments, generating results, and sending outputs—to ChatGPT, which then builds the agent. The entire team can use and refine the agent via ChatGPT or Slack. Once set up, the agent runs autonomously. Workspace Agents are team-shared, code-free, and manageable with predefined permissions and controls. They are suitable for structured, repeatable tasks involving multiple tools and continuous operation, such as software review, feedback整理, report generation, sales follow-up, and risk assessment. The system operates within clear rules, with sensitive actions requiring human confirmation. It aims to transform workflows from being person-dependent to being documented, executable, and reusable—akin to scientific management principles. Competing solutions from Microsoft and Google are also emerging in this space.

marsbit11 min fa

OpenAI Launches Workflow Agent, GPTs Begin Countdown

marsbit11 min fa

The Richest Fed Chair in History? Three Challenges Kevin Warsh Is About to Face

Kevin Warsh, nominated by Trump as the next Federal Reserve Chair, faces three major challenges as he prepares to take office. With a personal investment portfolio exceeding $130 million, including holdings in crypto protocols and public chains, he is set to become the wealthiest Fed chair in history. Warsh, known for his historically hawkish stance, has recently shifted his position, arguing that AI is a powerful deflationary force that could boost productivity. However, rising CPI and energy prices pose a risk to this outlook. He strongly defended Fed independence, stating that it is eroded not by political pressure but by the institution’s own missteps, such as blurring the lines between monetary and fiscal policy during the 2021-2022 inflation period. Additionally, Warsh advocates for significant balance sheet reduction while potentially cutting rates—a combination that markets find unsettling. He also proposes modernizing inflation measurement with real-time data, including stablecoins and on-chain pricing, to improve policy responsiveness. His confirmation is currently delayed due to a political investigation into current Chair Powell, adding uncertainty to his appointment.

marsbit24 min fa

The Richest Fed Chair in History? Three Challenges Kevin Warsh Is About to Face

marsbit24 min fa

Rivaling a Documentary, OpenAI President Recounts the 72-Hour Internal Strife

OpenAI President Greg Brockman details the 72-hour internal crisis following CEO Sam Altman's sudden firing by the board. Both were blindsided by the decision, leading Brockman to resign immediately in solidarity. They began planning a new company at Altman’s home, aiming to take all OpenAI employees with them. Despite intense recruitment efforts by competitors, not a single employee accepted an external offer. The situation shifted when co-founder Ilya Sutskever publicly supported the employees' petition, leading to Altman’s reinstatement. Brockman reflects on OpenAI’s origins, its shift from non-profit to capped-profit for computational scale, key breakthroughs like Dota project and GPT, and the importance of resilience and mission-focused leadership. He emphasizes AI’s potential for global benefit and the need for broad access to compute power, while acknowledging risks and the necessity of iterative deployment for safety and alignment.

marsbit33 min fa

Rivaling a Documentary, OpenAI President Recounts the 72-Hour Internal Strife

marsbit33 min fa

AI "Transfer Station" Earning Millions Monthly? Five Questions Uncover the Truth of Token Arbitrage

The article "AI 'Transfer Station' Earns Millions Monthly? Five Questions Uncover the Truth of Token Arbitrage" explores the emerging business of API token transfer stations, which profit from global AI service price disparities and access barriers. These intermediaries purchase low-cost tokens from overseas AI providers (e.g., OpenAI, Claude) through grey-market methods—such as exploiting enterprise credits, bulk accounts, or subscription benefits—and resell them to Chinese users at a markup. Key drivers include the high cost of using top AI models (e.g., Claude Code costs ~$5 per million tokens), the performance gap between domestic and foreign models, and mismatches between subscription and API pricing. However, the practice carries significant risks: upstream token sources may be unstable or illegal; user data passing through intermediaries can be harvested or injected with hidden prompts; and models might be downgraded without disclosure. The market is evolving, with some operators now exporting cheaper Chinese models (e.g., Qwen3.5 at ~$0.11 per million tokens) to overseas users, leveraging price gaps. Yet, sustainability is low due to compliance crackdowns, instability, and reputational risks. Users are advised to employ detection methods (e.g., prompt adherence tests) and avoid sensitive data usage. The authors caution that while transfer stations offer short-term arbitrage, they lack long-term reliability and security compared to official APIs.

marsbit35 min fa

AI "Transfer Station" Earning Millions Monthly? Five Questions Uncover the Truth of Token Arbitrage

marsbit35 min fa

The Cost of an 11.5% Annualized Return: Will MicroStrategy's STRC Face a Moment of Reckoning?

This article analyzes the potential risks associated with MicroStrategy's (MSTR) use of structured financial products like STRC to leverage its BTC exposure. While these tools have enabled impressive returns (e.g., 11.5% annualized) and fueled significant capital inflows ($13.5B outstanding), they also create substantial annual dividend obligations (~$400M). The author argues that this structure, while effective in a bull market, could become a liability if BTC price stagnates or declines. The core risk is a potential negative feedback loop: the growing dividend burden from continued STRC issuance may eventually outweigh the benefits of increased BTC holdings. To meet these obligations, MicroStrategy might need to use new issuance proceeds for dividends instead of buying more BTC, which could disappoint equity investors. If the market capitalization (mNAV) falls below the value of its BTC holdings, the company could be forced to sell BTC instead of issuing new shares, potentially triggering a panic. The author estimates a potential inflection point in 6 months, where annual dividend costs reach $3-4B. At that stage, CEO Michael Saylor might face a difficult choice: sell BTC to meet obligations or sacrifice the credibility of the preferred shares by halting dividends. The article concludes that this financial engineering, while powerful, could ultimately "backfire" on MicroStrategy if market conditions turn.

marsbit1 h fa

The Cost of an 11.5% Annualized Return: Will MicroStrategy's STRC Face a Moment of Reckoning?

marsbit1 h fa

Trading

Spot

Futures