Gate News 消息,3 月 23 日,一款名为 GhostClaw 的恶意软件近期针对 macOS 系统上的加密钱包发起攻击,主要目标为开发者群体。该恶意软件以伪造的 OpenClaw CLI 安装包形式上传至 npm 注册表,账号名为 openclaw-ai,于 3 月 3 日上线,3 月 10 日被下架,期间共感染 178 名开发者。安装后,恶意程序通过诱导用户输入 macOS 密码获取系统权限,随后从远程命令与控制(C2)服务器下载第二阶段载荷 GhostLoader,实施数据窃取与远程访问。GhostLoader 可扫描 Chromium 浏览器、macOS Keychain 及本地存储,提取私钥、助记词、SSH 密钥、云凭证及 AI 平台 API 令牌,并每 3 秒监控一次剪贴板以捕获加密相关敏感数据。被盗数据通过 Telegram、GoFile 及命令服务器传输至攻击者。
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Articoli correlati
Scallop Protocol on Sui Hit by Flash Loan Attack, $142K Drained via Oracle Manipulation
Gate News message, April 26 — Scallop Protocol, a lending platform on the Sui blockchain, suffered a flash loan exploit targeting a deprecated side contract linked to its sSUI rewards pool, resulting in a loss of approximately $142,000 (150,000 SUI). The attack exploited oracle price feed
GateNews12m fa
22-Year-Old Sentenced to 70 Months for $263 Million Crypto Theft Money Laundering
California resident Evan Tangeman, 22, was sentenced on Friday to 70 months in federal prison for his role laundering proceeds from a multi-state cryptocurrency theft ring that stole approximately $263 million in digital assets from victims, according to the U.S. Department of Justice. U.S.
CryptoFrontier1h fa
Litecoin Suffers Deep Chain Reorganization After MWEB Privacy Layer Zero-Day Exploit
Gate News message, April 26 — Litecoin underwent a deep chain reorganization on Saturday afternoon after attackers exploited a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) privacy layer, according
GateNews2h fa
Address Linked to Avi Eisenberg Shows New On-Chain Activity, Raising Security Concerns
Gate News message, April 26 — Blockchain analytics platform Arkham has identified renewed on-chain activity from an address believed to be connected to Avi Eisenberg, the attacker who profited approximately $110 million from the 2022 Mango Markets exploit. Eisenberg was previously sentenced to
GateNews4h fa
Sui 鏈 DeFi 借貸協議 Scallop 遭駭,舊版合約漏洞致 15 萬 SUI 被盜
Scallop 在 Sui 鏈遭攻擊,側合約牽連 sSUI 獎勵池被利用,約 15 萬枚 SUI 被盜,核心合約安全,存款與提領已恢復。官方聲明僅限於已棄用的獎勵合約,使用者資金未受影響。前 NEAR 開發者 Vadim 指漏洞源自 17 個月前的舊版 V2 套件,未初始化 last_index 導致自 2023 年起累積獎勵;修復需在共用物件加入版本欄位並強化版本檢查,避免過時套件造成風險。
ChainNewsAbmedia4h fa
Scallop Discovers sSUI Reward Pool Vulnerability, Suffers 150K SUI Loss but Pledges Full Reimbursement
Gate News message, April 26 — Scallop, a lending protocol in the Sui ecosystem, announced the discovery of a vulnerability in an auxiliary contract associated with its sSUI reward pool, resulting in a loss of approximately 150,000 SUI. The affected contract has been frozen, and Scallop confirmed
GateNews9h fa
