SlowMist: Attackers use NPM to poison malicious SVG and trick DApp users into signing to steal coins through XSS popups

Source: CoinWorld Time: 2025-09-17 09:28:59

According to Bijie.com, 23pds, chief information security officer of Slow Mist Technology, posted on the X platform that recently attackers poisoned the NPM supply chain, replaced the SVG referenced by the decentralized platform with embedded malicious script files, and used SVG's XSS pop-up window to induce DApp users to sign, steal user assets, and pay attention to security.

Slow fog: Attacker uses NPM to poison and injects malicious SVG, and induces DApp users to sign and steal coins through XSS pop-up windows

PANews 2025-09-17 09:24:10
dAPP infrastructure Epoch Protocol completed a US$1.2 million financing, and Alphemy Capital and other investments

CoinWorld 2025-09-16 09:33:17
dAPP infrastructure Epoch Protocol completed a $1.2 million financing, with Alphemy Capital and others participating in the investment

ChainCatcher 2025-09-16 09:29:15
OKX CEO Star: X Layer will be connected to global dApp infrastructure in the coming weeks

BlockBeats 2025-09-15 10:22:09
OKX Star: Top DApp Infrastructure for X Layer in the coming weeks

ChainCatcher 2025-09-15 10:20:40
OKX CEO: Top DApp Infrastructure for X Layer in the coming weeks

ChainCatcher 2025-09-15 10:17:56
OKX CEO: Top DApp Infrastructure to X Layer in the coming weeks

Odaily 2025-09-15 10:17:25
OKX Star: Top DApp infrastructure will be introduced to X Layer in the coming weeks

ForesightNews 2025-09-15 10:15:08
Project Hunt: Web3 Bank BasedApp has added the most recent top people to the last 7 days

ChainCatcher 2025-09-11 10:15:01
VeChain launches VeFounder program to empower Web3 developers with ready-made dApps

CoinWorld 2025-09-10 14:28:17

Link copied to clipboard

SlowMist: Attackers use NPM to poison malicious SVG and trick DApp users into signing to steal coins through XSS popups

Related News