On October 30, attackers compromised several front-end websites of crypto apps through a malicious update to the Lottie Player animations library. The affected sites displayed popups that falsely asked users to connect their wallets, redirecting them instead to the Ace Drainer crypto-draining scheme, according to Blockaid. Gal Nagli from Wiz noted that the supply chain attack uniquely injected malicious popups into otherwise unaffected websites. The attackers gained access to the GitHub account of a LottieFiles senior software engineer and pushed three malicious updates in rapid succession. Although the affected libraries have been removed from GitHub, Nagli emphasized that users of older versions are still at risk and should update to the non-malicious packages (version 2.0.4 or 2.0.8). The attack was particularly aimed at major crypto websites using the library, and it impacted many popular sites across the internet. LottieFiles has not yet commented on the situation.
