cybersecuritysupply-chain attackcryptocurrency theftsoftware vulnerability
Injective SDK on npm infected with cryptocurrency wallet stealer
July 9, 2026
Back to all postsA malicious package named 'Injective' has been detected on the Node Package Manager (npm), a popular repository for JavaScript libraries used in many software development projects, including those in Canada. This SDK, disguised as a tool to help developers work with XML files, was actually designed to steal cryptocurrency wallet information from infected systems. The incident highlights the growing threat of supply-chain attacks, where malicious code is introduced at the early stages of software development, making it challenging for businesses to detect and prevent such threats. Canadian SMB owners and IT managers should prioritize maintaining up-to-date dependencies, regularly audit their npm packages, and implement strong security measures to safeguard their systems from similar attacks.
Source: BleepingComputer
cybersecuritysupply-chain attackcryptocurrency theftsoftware vulnerability
Concerned about this threat to your business?
We help Canadian SMBs deploy the controls discussed in this article. Free 30-minute assessment — no obligation.
