Web3 Antivirus, or Web3 security stack, has highlighted a threat from a malicious NPM package. It earlier flagged a threat from a legitimate Chrome extension. Notably, smart contract exploits and phishing & social engineering are some of the top Web3 security threats to lookout for in 2026.
Web3 Security Issue Flagged
Web3 Antivirus has published a post on X to inform the community that a malicious NPM package was caught deploying a RAT. It was disguised as an OpenClaw installer with the primary objective of stealing macOS credentials. Web3 Antivirus has further briefed the community about how the act was being carried out.
The package launches a fake CLI installer after it is installed normally. Once launched, it seeks macOS Keychain password. It is recommended not to do so because once shared, the malware can extract several pieces of information. This includes seed phrases, browser credentials, crypto wallet data, and SSH & cloud keys.
All the pieces find their way to the attacker’s server. Web3, with this, is seeing different types of threats for users worldwide.
Previously Flagged Threat
Web3 Antivirus previously flagged a threat from a legitimate Chrome extension. It warned that it was turning malicious after the ownership was transferred. This allows attackers to inject codes into web pages and steal the data of a user. The update, according to Web3 security stack, removed security headers and fingerprints before pulling malicious scripts from a remote server.
For the crypto community, such an act can turn into a theft for exchange sessions, compromised wallets, browser credentials, and seed phrase phishing.
It has named two extensions: QuickLens and ShotBird, adding that they have 7,000 and 800 users, respectively.
Top Web3 Security Threats in 2026
Some of the top Web3 security threats in 2026 are smart contract exploits and phishing & social engineering. The former largely pertains to vulnerabilities in code. This refers to infusing logic errors, input validation issues, and access control failures.
The latter, as the name suggests, involves making fake calls or impersonating partners to attack users and developers – even founders on some occasions.
Others on the list are wallet drainers, private key manipulation, and price oracle manipulation. The end goal of malicious actors is to steal data and drain funds or negatively impact the system.
Some of the common vulnerabilities are access control failures, logic errors, and unsigned API queries.
Highlighted Crypto News Today:
Nasdaq Collaboration Targets Pan-European Tokenized Securities Trading and Settlement
