Web3 Security Stack Highlights Threat from Malicious NPM Package

TheNewsCrypto | Published on 2026-03-10 | Last updated on 2026-03-10

Summary

Web3 Antivirus has identified a malicious NPM package disguised as an OpenClaw installer that deploys a Remote Access Trojan (RAT) targeting macOS users. The package, once installed, launches a fake CLI installer and prompts for the Keychain password. If provided, it steals sensitive data including seed phrases, browser credentials, wallet information, and SSH keys, sending them to the attacker’s server. Previously, Web3 Antivirus warned about legitimate Chrome extensions—QuickLens and ShotBird—that turned malicious after ownership transfers. These were used to inject malicious scripts and steal user data, including exchange session details and wallet credentials. Looking ahead to 2026, key Web3 security threats include smart contract exploits (due to logic errors and access control issues), phishing, social engineering, wallet drainers, and oracle manipulation. The primary goals of these attacks are data theft and fund draining.

Web3 Antivirus, or Web3 security stack, has highlighted a threat from a malicious NPM package. It earlier flagged a threat from a legitimate Chrome extension. Notably, smart contract exploits and phishing & social engineering are some of the top Web3 security threats to look out for in 2026.

Web3 Security Issue Flagged

Web3 Antivirus has published a post on X to inform the community that a malicious NPM package was caught deploying a RAT. It was disguised as an OpenClaw installer with the primary objective of stealing macOS credentials. Web3 Antivirus has further briefed the community about how the act was being carried out.

The package launches a fake CLI installer after it is installed normally. Once launched, the installer asks for the macOS Keychain password. Users are advised not to enter it, because once it is shared, the malware can extract several pieces of information: seed phrases, browser credentials, crypto wallet data, and SSH & cloud keys.

All of this data finds its way to the attacker’s server. With this, Web3 users worldwide are seeing different types of threats.

Previously Flagged Threat

Web3 Antivirus previously flagged a threat from a legitimate Chrome extension. It warned that the extension was turning malicious after its ownership was transferred. This allows attackers to inject code into web pages and steal a user's data. The update, according to Web3 security stack, removed security headers and fingerprints before pulling malicious scripts from a remote server.

For the crypto community, such an act can lead to the theft of exchange sessions and browser credentials, compromised wallets, and seed phrase phishing.

It has named two extensions: QuickLens and ShotBird, adding that they have 7,000 and 800 users, respectively.
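
A defender-side check for the update behaviour described above, as an added example that is not from Web3 Antivirus or the original article: it diffs two versions of an extension's rule set and flags an update that starts removing security headers. It assumes the headers are stripped through Manifest V3 `declarativeNetRequest` `modifyHeaders` rules, a mechanism the article does not specify; the rule data is constructed.

```javascript
// Security headers whose removal weakens page-level script and framing controls.
const SECURITY_HEADERS = new Set([
  "content-security-policy",
  "content-security-policy-report-only",
  "x-frame-options",
  "x-content-type-options",
  "strict-transport-security",
]);

// Security headers that one declarativeNetRequest rule removes from responses.
function strippedHeaders(rule) {
  const action = rule.action || {};
  if (action.type !== "modifyHeaders") return [];
  return (action.responseHeaders || [])
    .filter((h) => h.operation === "remove")
    .map((h) => String(h.header).toLowerCase())
    .filter((name) => SECURITY_HEADERS.has(name));
}

// Compare two versions' rule sets and report stripping the update introduced.
function newStrippingRules(oldRules, newRules) {
  const before = new Set(oldRules.flatMap(strippedHeaders));
  const findings = [];
  for (const rule of newRules) {
    const added = strippedHeaders(rule).filter((h) => !before.has(h));
    if (added.length > 0) {
      const urlFilter = (rule.condition || {}).urlFilter || "(unspecified)";
      findings.push({ id: rule.id, headers: added, urlFilter });
    }
  }
  return findings;
}

// Constructed sample rules for a hypothetical extension, before and after an update.
const RULES_V1 = [
  { id: 1, action: { type: "block" }, condition: { urlFilter: "||ads.example^" } },
];
const RULES_V2 = [
  ...RULES_V1,
  { id: 2, condition: { urlFilter: "*", resourceTypes: ["main_frame"] },
    action: { type: "modifyHeaders", responseHeaders: [
      { header: "Content-Security-Policy", operation: "remove" },
      { header: "X-Frame-Options", operation: "remove" },
      { header: "Cache-Control", operation: "set", value: "no-store" } ] } },
];

console.log(JSON.stringify(newStrippingRules(RULES_V1, RULES_V2)));
```

A finding on an update that follows an ownership change is a reason to review the new version's remote script loading before it stays installed.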

Top Web3 Security Threats in 2026

Some of the top Web3 security threats in 2026 are smart contract exploits and phishing & social engineering. The former largely pertains to vulnerabilities in code, such as logic errors, input validation issues, and access control failures.

The latter, as the name suggests, involves making fake calls or impersonating partners to attack users and developers – even founders on some occasions.

Others on the list are wallet drainers, private key manipulation, and price oracle manipulation. The end goal of malicious actors is to steal data and drain funds or negatively impact the system.

Some of the common vulnerabilities are access control failures, logic errors, and unsigned API queries.


Related Questions

Q: What type of malicious software was the NPM package caught deploying, and what was its primary objective?

A: The malicious NPM package was caught deploying a RAT (Remote Access Trojan). Its primary objective was to steal macOS credentials.

Q: What specific user information can the malware extract after obtaining the macOS Keychain password?

A: The malware can extract seed phrases, browser credentials, crypto wallet data, and SSH & cloud keys.

Q: What previously flagged threat did Web3 Antivirus warn about involving a legitimate Chrome extension?

A: Web3 Antivirus warned about a legitimate Chrome extension that turned malicious after ownership was transferred, allowing attackers to inject code into web pages and steal user data.

Q: What are two of the top Web3 security threats highlighted for 2026?

A: Two of the top Web3 security threats for 2026 are smart contract exploits and phishing & social engineering.

Q: What are the names of the two malicious Chrome extensions mentioned, and how many users do they have respectively?

A: The two malicious Chrome extensions are named QuickLens and ShotBird, with 7,000 and 800 users respectively.
