Middle East Daily
    Hot News
    Business

    Burgan Bank Renews Strategic Sponsorship of Academy X with CODED for a Second Consecutive Year

    Technology

    GameChain Collective Redefines Web3 Gaming Through Collaboration and Co-Creation

    Business

    Enhancing Saudi Arabia’s connectivity through Public-Private Partnerships

    Important Pages:
    • Privacy Policy
    • Terms & Conditions
    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Terms & Conditions
    Friday, July 3
    Facebook Twitter
    Middle East Daily
    • Home
    • News

      From Play-to-Earn to Player Ownership: GameChain Collective Drives the Next Gaming Evolution

      Tiësto to Headline INFINITY Lisbon at SBC Summit 2026

      Franc Vila Names Gulf Its Primary Market as Region’s Luxury Watch Sector Approaches $830 Million

      Kuwait shimmers in national colors; MoI at the ready

      Faraday Future Announces New FX Super One Deliveries in the Middle East as It Continues to Advance Towards the Region’s 2026 Delivery Goals

    • Business

      e& Carrier & Wholesale Services and Lenovo Connect partner to accelerate global connected vehicle and IoT services

      HUAWEI MatePad Pro Max Arrives in the UAE, Bringing the Slimmest 13-inch Tablet Yet

      Visa Announces Visa Threat Intelligence Platform to Strengthen Cyber and Fraud Defense

      Mobilink Bank Named Pakistan’s Best Digital Bank, Secures Three FinanceAsia Awards

      MAIR Group and Makani Real Estate Announce Mall of Al Ain Redevelopment and Expansion

    • Technology

      SBC Summit to Examine What Effective Player Protection Looks Like in Practice

      From Play-to-Earn to Player Ownership: GameChain Collective Drives the Next Gaming Evolution

      CNTXT AI Acquires Actualize to Strengthen Arabic Voice AI for Enterprise and Government Across the GCC

      SBC Summit unveils new pass structure alongside standalone Affiliate Leaders Summit access

      Tiësto to Headline INFINITY Lisbon at SBC Summit 2026

    • Lifestyle

      Dubai luxury real estate market strengthens across key price brackets

      Eqvilent Employee-Athlete Wins International Dressage Championship for UAE

      Emirates’ latest services and enhancements for customers with accessibility requirements

      Dubai’s rise as the global capital of branded residences: Documented by Provident

      Joel Corry and Imanbek to headline star-studded SBC Summit Opening Party

    • Submit A Press Release
    Breaking News:
    • e& Carrier & Wholesale Services and Lenovo Connect partner to accelerate global connected vehicle and IoT services
    • HUAWEI MatePad Pro Max Arrives in the UAE, Bringing the Slimmest 13-inch Tablet Yet
    • Visa Announces Visa Threat Intelligence Platform to Strengthen Cyber and Fraud Defense
    • Mobilink Bank Named Pakistan’s Best Digital Bank, Secures Three FinanceAsia Awards
    • MAIR Group and Makani Real Estate Announce Mall of Al Ain Redevelopment and Expansion
    • Ambassador Abu Bakar Mamat Presents Credentials in Wellington
    • Kazakhstan President Awards Captain Mohamed Juma Al Shamisi with the Order of Friendship
    • Etihad Rail Ushers in a New Chapter for Fujairah Tourism, with Truebell and Fujairah Tennis & Country Club at the Heart of the Journey
    Middle East Daily
    Home » Kaspersky uncovers $500K crypto heist through malicious packages
    Business

    Kaspersky uncovers $500K crypto heist through malicious packages

    Share
    Facebook Twitter LinkedIn Pinterest WhatsApp

    Kaspersky GReAT (Global Research and Analysis Team) experts have discovered open-source packages that download the Quasar backdoor and a stealer designed to exfiltrate cryptocurrency. The malicious packages are intended for the Cursor AI development environment, which is based on Visual Studio Code — a tool used for AI-assisted coding.

    The malicious open-source packages are extensions hosted in the Open VSX repository that claim to provide support for the Solidity programming language. However, in practice, they download and execute malicious code on users’ devices.

    During an incident response, a blockchain developer from Russia reached out to Kaspersky after installing one of these fake extensions on his computer, which allowed attackers to steal approximately $500,000 worth of crypto assets.

    The threat actor behind these packages managed to deceive the developer by making the malicious package rank higher than the legitimate one. The attacker achieved this by artificially inflating the malicious package’s downloads count to 54,000.

    Search results for the query “solidity”: the malicious extension (highlighted in red) and the legitimate one (highlighted in green).

    After installation, the victim gained no actual functionality from the extension. Instead, malicious ScreenConnect software was installed on the computer, granting threat actors remote access to the infected device. Using this access, they deployed the open-source Quasar backdoor along with a stealer that collects data from browsers, email clients, and crypto wallets. With these tools, the threat actors were able to obtain the developer’s wallet seed phrases and subsequently steal cryptocurrency from the accounts.

    After the malicious extension downloaded by the developer was discovered and removed from the repository, the threat actor republished it and artificially inflated its installation count to a higher number – 2 million, compared to 61,000 for the legitimate package. The extension was removed from the platform following a request from Kaspersky.

    “Spotting compromised open-source packages with the naked eye is becoming increasingly difficult. Threat actors are using increasingly creative tactics to deceive potential victims, even developers who have a strong understanding of cybersecurity risks — particularly those working in the blockchain development field. As we expect adversaries to continue targeting developers, it is recommended that even experienced IT professionals deploy dedicated security solutions to safeguard sensitive data and prevent financial losses,” commented Georgy Kucherin, Security Researcher with Kaspersky’s Global Research and Analysis Team.

    The threat actor behind the attack published not only malicious Solidity extensions but also another NPM package, solsafe, which also downloads ScreenConnect. A few months earlier, three additional malicious Visual Studio Code extensions were released — solaibot, among-eth, and blankebesxstnion — all of them have already been removed from the repository.

    To stay safe, Kaspersky recommends:

    • Use a solution for monitoring the used open-source components in order to detect the threats that might be hidden inside.
    • If you suspect that a threat actor may have gained access to your company’s infrastructure, we recommend using the Kaspersky Compromise Assessment service to uncover any past or ongoing attacks.
    • Verify package maintainers: check the credibility of the maintainer or organization behind the package. Look for consistent version history, documentation, and an active issue tracker.
    • Stay informed on emerging threats: subscribe to security bulletins and advisories related to the open-source ecosystem. The earlier you know about a threat, the faster you can respond.

    More information is available in a report on Securelist.com.

    About Kaspersky

    Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp

    Related Posts

    Business

    e& Carrier & Wholesale Services and Lenovo Connect partner to accelerate global connected vehicle and IoT services

    Business

    HUAWEI MatePad Pro Max Arrives in the UAE, Bringing the Slimmest 13-inch Tablet Yet

    Business

    Visa Announces Visa Threat Intelligence Platform to Strengthen Cyber and Fraud Defense

    Business

    Mobilink Bank Named Pakistan’s Best Digital Bank, Secures Three FinanceAsia Awards

    Business

    MAIR Group and Makani Real Estate Announce Mall of Al Ain Redevelopment and Expansion

    Business

    Ambassador Abu Bakar Mamat Presents Credentials in Wellington

    Business

    Kazakhstan President Awards Captain Mohamed Juma Al Shamisi with the Order of Friendship

    Business

    Etihad Rail Ushers in a New Chapter for Fujairah Tourism, with Truebell and Fujairah Tennis & Country Club at the Heart of the Journey

    Follow Us
    • Facebook
    • Twitter
    Top Posts
    Business

    Warba launches “Your Coffee on Us” campaign in partnership with Kuwait Flour Mills at T4

    Kuwait: Warba Bank has announced the launch of a new strategic collaboration with Kuwait Flour Mills…

    Business

    IATA Launches DG Digital to Fully Digitalize Dangerous Goods Declarations

    13 March 2026 (Lima) – The International Air Transport Association (IATA) has launched DG Digital, IATA’s digital Dangerous Goods Declaration solution, as a feature of DG AutoCheck. The new tool fully digitalizes the creation and approval of shippers’ declarations for more than 3,800 dangerous items—from lithium batteries to explosives and chemicals. This results in faster document sharing, improved safety, and a significant reduction in rejected shipments. Today, 95% of Dangerous Goods Declarations are still received in paper format. These declarations must be scanned, converted into a PDF document, then uploaded into DG Aut

    Business

    Two New Nissan Concepts to make Global debut at Auto Shanghai 2023

    Amman-Jordan ( April 2023) – Nissan’s Max-Out all-electric convertible concept is set to make its…

    Business

    ROSHN GROUP launches first phase of sales for ALDANAH, offering 1000+ units for a new way of living in Dhahran

    RIYADH, June 2025: ROSHN Group, Saudi Arabia’s leading multi-asset class real estate developer and a…

    Business

    Bvlgari Hotels & Resorts sign a long-term agreement with Eagle Hills

    Rome – Bvlgari Hotels & Resorts is delighted to announce that an agreement has been signed…

    Welcome to Middle East Daily, your daily dose of news and insights from the heart of the Middle East. Explore the latest headlines, delve into thought-provoking analysis, and engage with stories that define our region's narrative.

    Facebook Twitter
    Categories
    • Business (772)
    • Lifestyle (127)
    • News (137)
    • Technology (112)
    Top Insights
    Business

    Aura wins Eureka! GCC 2024 Grand Prize for the most innovative start-up company

    Business

    Meraki Developers announces launch of The Haven III, an exclusive residential community in the heart of Majan, Dubailand

    © 2026 Middle East Daily.
    • Home
    • Privacy Policy
    • Terms & Conditions

    Type above and press Enter to search. Press Esc to cancel.