Malicious npm Package 'crypto-encrypt-ts' Discovered Targeting Crypto Wallets and MongoDB

Sonatype has discovered a malicious npm package named 'crypto-encrypt-ts' that masquerades as the popular CryptoJS library to steal cryptographic and personal data. This package was designed to target cryptocurrency wallets and MongoDB databases. Analysis of the source code suggests that the attackers may be based in Turkey. The malicious package was downloaded more than 100 times before being removed from the npm platform.