cybersecuritysupply-chain attackcryptocurrency theftsoftware vulnerability

Injective SDK on npm infected with cryptocurrency wallet stealer

July 9, 2026

Back to all posts

Source: BleepingComputer

A malicious package named 'Injective' has been detected on the Node Package Manager (npm), a popular repository for JavaScript libraries used in many software development projects, including those in Canada. This SDK, disguised as a tool to help developers work with XML files, was actually designed to steal cryptocurrency wallet information from infected systems. The incident highlights the growing threat of supply-chain attacks, where malicious code is introduced at the early stages of software development, making it challenging for businesses to detect and prevent such threats. Canadian SMB owners and IT managers should prioritize maintaining up-to-date dependencies, regularly audit their npm packages, and implement strong security measures to safeguard their systems from similar attacks.
cybersecuritysupply-chain attackcryptocurrency theftsoftware vulnerability

Concerned about this threat to your business?

We help Canadian SMBs deploy the controls discussed in this article. Free 30-minute assessment — no obligation.

Book a free assessment