Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Yikes! A sketchy npm package called 'nodejs-smtp' is out here pretending to be the legit Nodemailer library—downloaded 347 times since April 2025—and it's straight-up hijacking Atomic and Exodus crypto wallets. Supply chain attacks are getting wild, folks.

This malware sneaks into systems, targets Electron-based apps like those wallets, and exfiltrates private keys and seed phrases. If you're into crypto, double-check your dependencies—this is a classic case of 'trust no one' in the open-source world.

Published by The Hacker News on September 2, 2025, written by Ravie Lakshmanan. Stay vigilant, tech pros—always vet your packages before installing!