{"id":20268,"date":"2018-11-27T16:22:54","date_gmt":"2018-11-27T16:22:54","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29548\/Widely-Used-Open-Source-Software-Contained-Bitcoin-Stealing-Backdoor.html"},"modified":"2018-11-27T16:22:54","modified_gmt":"2018-11-27T16:22:54","slug":"widely-used-open-source-software-contained-bitcoin-stealing-backdoor","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/","title":{"rendered":"Widely Used Open Source Software Contained Bitcoin-Stealing Backdoor"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2017\/08\/backdoor.jpg\" alt=\"Widely used open source software contained bitcoin-stealing backdoor\"\/><\/p>\n<aside id=\"social-left\" aria-label=\"Read the comments or share this article\">\n<h4 class=\"comment-count-before\"><a title=\"50 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2018\/11\/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin\/?comments=1\">reader comments<\/a><\/h4>\n<p><a title=\"50 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2018\/11\/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin\/?comments=1\"><span class=\"comment-count-number\">79<\/span> <span class=\"visually-hidden\">with 50 posters participating<\/span><\/a><\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/div>\n<\/aside>\n<p>A hacker or hackers sneaked a backdoor into a widely used open source code library with the aim of surreptitiously stealing funds stored in bitcoin wallets, software developers said Monday.<\/p>\n<p>The malicious code was inserted in two stages into <a href=\"https:\/\/www.npmjs.com\/package\/event-stream\">event-stream<\/a>, a code library with 2 million downloads that\u2019s used by Fortune 500 companies and small startups alike. In stage one, version 3.3.6, published on September 8, included a benign module known as flatmap-stream. Stage two was implemented on October 5 when flatmap-steam was updated to include malicious code that attempted to steal bitcoin wallets and transfer their balances to a server located in Kuala Lumpur. The backdoor came to light last Tuesday with <a href=\"https:\/\/github.com\/dominictarr\/event-stream\/issues\/116#issuecomment-440927400\">this report<\/a> from Github user Ayrton Sparling. Officials with the NPM, the open source project manager that hosted event-stream, didn\u2019t issue an advisory until Monday, six days later.<\/p>\n<p>NPM officials said the malicious code was designed to target people using a bitcoin wallet developed by <a href=\"https:\/\/copay.io\/\">Copay<\/a>, a company that incorporated event-stream into its app. <a href=\"https:\/\/github.com\/bitpay\/copay\/commit\/6cc4b757f6fbd111b9716b50d645390dd1f15105#diff-32607347f8126e6534ebc7ebaec4853dL12251\">This release<\/a> from earlier this month shows Copay updating its code to refer to flatmap-stream, but a Copay official <a href=\"https:\/\/github.com\/bitpay\/copay\/issues\/9346#issuecomment-441757628\">said in a Github discussion<\/a> that the malicious code was never deployed in any platforms. After this post went live, Copay officials updated their comment to say they did, in fact, release platforms that contained the backdoor.<\/p>\n<p>In a <a href=\"https:\/\/blog.bitpay.com\/npm-package-vulnerability-copay\/\">blog post<\/a> published after this post went live, Copay officials said versions 5.0.2 through 5.1.0 were affected by the backdoor and that users with these versions installed should avoid running the app until after installing version 5.2.0. The post stated:<\/p>\n<blockquote>\n<p><strong>Users should assume that private keys on affected wallets may have been compromised, so they should move funds to new wallets (v5.2.0) immediately.<\/strong> Users should <strong>not<\/strong> attempt to move funds to new wallets by importing affected wallets&#8217; twelve word backup phrases (which correspond to potentially compromised private keys). <strong>Users should first update their affected wallets (5.0.2-5.1.0) and then send all funds from affected wallets to a brand new wallet on version 5.2.0, using the <code>Send Max<\/code> feature to initiate transactions of all funds.<\/strong><\/p>\n<\/blockquote>\n<p>The company continues to investigate the attack. It is also contacting copay-dash, another developer that uses the same open source code in its wallet app.<\/p>\n<p>\u201cThis compromise was not targeting module developers in general or really even developers,\u201d an NPM official told Ars in an email. \u201cIt targeted a select few developers at a company, Copay, that had a very specific development environment set up. Even then, the payload itself didn\u2019t run on those developers\u2019 computers; rather, it would be packaged into a consumer-facing app when the developers built a release. The goal was to steal Bitcoin from this application\u2019s end users.\u201d<\/p>\n<h2>Supply-chain attacks abound<\/h2>\n<p>According to the Github discussion that exposed the backdoor, the <a href=\"https:\/\/github.com\/dominictarr\">longtime event-stream developer<\/a> no longer had time to provide updates. So several months ago, he accepted the help of an <a href=\"https:\/\/github.com\/right9ctrl\">unknown developer<\/a>. The new developer took care to keep the backdoor from being discovered. Besides being gradually implemented in stages, it also narrowly targeted only the Copay wallet app. The malicious code was also hard to spot because the flatmap-stream module was encrypted.<\/p>\n<p> The attack is the latest to exploit weaknesses in a widely used supply chain to target downstream end users. Last month, <a href=\"https:\/\/arstechnica.com\/information-technology\/2018\/10\/two-new-supply-chain-attacks-come-to-light-in-less-than-a-week\/\">two supply-side attacks<\/a> came to light in a single week. One targeted VestaCP, a control-panel interface that system administrators use to manage servers. The attackers then modified an installer that was available on VestaCP\u2019s website.<\/p>\n<p>The second supply-chain attack slipped a malicious package into PyPI, the official repository for the widely used Python programming language. The PyPI event came two years after a college student\u2019s bachelor thesis used a similar technique to get an unauthorized Python module <a href=\"https:\/\/arstechnica.com\/information-technology\/2016\/06\/college-student-schools-govs-and-mils-on-perils-of-arbitrary-code-execution\/\">executed more than 45,000 times<\/a> on more than 17,000 separate domains. Some belonged to US governmental and military organizations.<\/p>\n<p>The supply-chain attacks show one of the weaknesses of open source code. Because of its openness and the lack of funds of many of its hobbyist developers and users, open source code can be subject to malicious modifications that often escape notice.<\/p>\n<p>NPM uses a feature called lockfile that requests only specific versions of code. That makes it possible for people to use only known good versions of a package when there are buggy or malicious versions that they depend on. Last year, NPM also acquired Lift Security, a company that maintained a database of known JavaScript vulnerabilities. NPM has since built the database directly into its command-line tool.<\/p>\n<p>The ability for malicious code to make its way into a code library used by so many applications and then escape notice for weeks shows that these NPM measures, while useful, are by no means sufficient. The time has come for maintainers and users of open-source software to devise new measures to better police the millions of packages being used all around us.<\/p>\n<p><em>This post was updated to add Copay comments that some platforms deployed the backdoor after all and, later, to add comments from a blog post.<\/em><\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/29548\/Widely-Used-Open-Source-Software-Contained-Bitcoin-Stealing-Backdoor.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":20269,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[4819],"class_list":["post-20268","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackermalwarecybercrimefraudbackdoorcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Widely Used Open Source Software Contained Bitcoin-Stealing Backdoor 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Widely Used Open Source Software Contained Bitcoin-Stealing Backdoor 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-27T16:22:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/11\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"426\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Widely Used Open Source Software Contained Bitcoin-Stealing Backdoor\",\"datePublished\":\"2018-11-27T16:22:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\\\/\"},\"wordCount\":852,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/11\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor.jpg\",\"keywords\":[\"headline,hacker,malware,cybercrime,fraud,backdoor,cryptography\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\\\/\",\"name\":\"Widely Used Open Source Software Contained Bitcoin-Stealing Backdoor 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/11\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor.jpg\",\"datePublished\":\"2018-11-27T16:22:54+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/11\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/11\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor.jpg\",\"width\":640,\"height\":426},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,cybercrime,fraud,backdoor,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwarecybercrimefraudbackdoorcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Widely Used Open Source Software Contained Bitcoin-Stealing Backdoor\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Widely Used Open Source Software Contained Bitcoin-Stealing Backdoor 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/","og_locale":"en_US","og_type":"article","og_title":"Widely Used Open Source Software Contained Bitcoin-Stealing Backdoor 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-11-27T16:22:54+00:00","og_image":[{"width":640,"height":426,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/11\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Widely Used Open Source Software Contained Bitcoin-Stealing Backdoor","datePublished":"2018-11-27T16:22:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/"},"wordCount":852,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/11\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor.jpg","keywords":["headline,hacker,malware,cybercrime,fraud,backdoor,cryptography"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/","url":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/","name":"Widely Used Open Source Software Contained Bitcoin-Stealing Backdoor 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/11\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor.jpg","datePublished":"2018-11-27T16:22:54+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/11\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/11\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor.jpg","width":640,"height":426},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/widely-used-open-source-software-contained-bitcoin-stealing-backdoor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,cybercrime,fraud,backdoor,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwarecybercrimefraudbackdoorcryptography\/"},{"@type":"ListItem","position":3,"name":"Widely Used Open Source Software Contained Bitcoin-Stealing Backdoor"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/20268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=20268"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/20268\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/20269"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=20268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=20268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=20268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}