The developer has injected malicious code into the popular JavaScript library

The cybercriminal, having gained access to the popular JavaScript library, injected there a malicious code that allows you to steal Bitcoin and Bitcoin Cash funds stored in BitPay Copay wallets. The presence of a malicious code was discovered last week, but only yesterday, researchers managed to understand what exactly this obfuscated code was doing. We are talking about the library Event-Stream, it downloaded the malicious content.

This is an extremely popular library, with more than two million weekly downloads. However, about three months ago, the author of Event-Stream transferred the library to another developer - Right9ctrl. Thanks to the vigilant user managed to install - Right9ctrl immediately introduced its malicious code into the development. The malicious component was seen in Event-Stream 3.3.6.

According to Twitter users, GitHub and Hacker News, the malicious code is in a state of "hibernation" until it is used inside the Copay source code (the desktop and mobile application acting as a wallet developed by the BitPay platform).

Once the malicious code gets into Copay, it will steal all user information, including private keys, and send it to copayapi.host on port 8080.

Source: anti-malware.ru