New Malware Campaign Targets Atomic and Exodus Wallets via Open-Source Software: Users Urged to Stay Alert


Cybercriminals have ramped up their efforts to exploit the cryptocurrency ecosystem, with a newly uncovered malware campaign now targeting users of popular crypto wallets Atomic and Exodus. According to cybersecurity firm ReversingLabs, attackers are leveraging open-source software repositories—specifically Node Package Manager (NPM) and SourceForge—to distribute malware designed to steal digital assets.

The Attack: Malicious Packages Disguised as Useful Tools

In this ongoing campaign, threat actors are uploading seemingly harmless packages to software platforms—often disguised as utilities like PDF-to-Office converters. Behind the scenes, however, these tools carry malware that executes a multi-stage attack on unsuspecting users’ systems.

Once installed, the malicious code first scans the device for cryptocurrency wallets. If wallets like Atomic or Exodus are detected, the malware activates features like:

  • Clipboard hijackers, which replace copied wallet addresses with the attacker’s address.
  • System monitoring, allowing hackers to assess the success of each infiltration.
  • Persistence mechanisms, enabling the malware to stay active even after the software is deleted.
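The clipboard-hijacking behavior in the first bullet can be detected from clipboard telemetry. The following is an added example, not code from ReversingLabs or from the campaign; the event format, the two-second window and the sample addresses are assumptions made for illustration.

```javascript
// Added example, not code from the reported campaign or from any vendor.
// Event shape { t, text, userCopy } is a hypothetical clipboard telemetry format.
const ADDRESS_KINDS = [
  ['eth', /^0x[0-9a-fA-F]{40}$/],
  ['btc-bech32', /^bc1[02-9ac-hj-np-z]{11,71}$/],
  ['btc-legacy', /^[13][1-9A-HJ-NP-Za-km-z]{25,34}$/],
];

// Return the address family a clipboard string looks like, or null.
function addressKind(text) {
  const s = String(text).trim();
  const hit = ADDRESS_KINDS.find(([, re]) => re.test(s));
  return hit ? hit[0] : null;
}

// Ethereum addresses are case-insensitive; the Bitcoin forms are compared as-is.
function normalise(kind, value) {
  return kind === 'eth' ? value.toLowerCase() : value;
}

// Flag an address that is replaced by a different address of the same family,
// shortly after it was copied, without a user-initiated copy.
function findSwaps(events, windowMs = 2000) {
  const alerts = [];
  let last = null;
  for (const ev of events) {
    const kind = addressKind(ev.text);
    if (!kind) { last = null; continue; }
    const value = normalise(kind, String(ev.text).trim());
    if (last && !ev.userCopy && kind === last.kind &&
        value !== last.value && ev.t - last.t <= windowMs) {
      alerts.push({ t: ev.t, kind, copied: last.value, replacedWith: value });
    }
    last = { t: ev.t, kind, value };
  }
  return alerts;
}

// Constructed sample events (addresses are made-up filler, times in ms).
const SAMPLE_EVENTS = [
  { t: 0, text: 'meeting notes', userCopy: true },
  { t: 5000, text: '0x' + 'a1'.repeat(20), userCopy: true },
  { t: 5300, text: '0x' + 'b2'.repeat(20), userCopy: false }, // silent swap
  { t: 60000, text: '0x' + 'c3'.repeat(20), userCopy: true }, // user copies a new address
  { t: 90000, text: 'bc1q' + 'x'.repeat(38), userCopy: true },
  { t: 95000, text: 'bc1q' + 'y'.repeat(38), userCopy: false }, // outside the window
];

console.log(findSwaps(SAMPLE_EVENTS));
```

Only the silent replacement at 5300 ms is reported; a user-initiated copy of a new address and a change outside the window are not.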

Even more alarming, ReversingLabs confirmed that uninstalling the fake software isn’t enough—the malware often embeds itself deep in the system, requiring users to fully reinstall their crypto wallet apps from trusted sources.

SourceForge Also Abused in Similar Campaign

Adding to the concern, Kaspersky researchers have identified a similar attack strategy unfolding on SourceForge. In this case, hackers are distributing fake Microsoft Office installers embedded with clipboard hijackers and crypto miners. These malicious files operate covertly, draining resources and compromising wallets while posing as legitimate software.

Industry-Wide Risks: Not Just a Crypto Problem

The increasing sophistication and frequency of these software supply chain attacks serve as a broader warning. What’s happening in the crypto world today may well foreshadow similar tactics in other industries.

“The frequency and sophistication of software supply chain attacks targeting the cryptocurrency industry are also a warning sign of what’s to come in other sectors,” ReversingLabs warned. “Organizations must improve their ability to monitor and defend against these threats.”

Growing Impact: Over $1.5 Billion Lost in Q1 2025

The financial toll is already staggering. According to DeFiLlama, more than $1.5 billion in crypto assets were lost to exploits in Q1 2025 alone. The most notable incident was the $1.4 billion breach at Bybit in February—underscoring how quickly these attacks can escalate in scope.