A popular NPM package got compromised, attackers updated it to run a post-install script that steals secrets
But the script is a *prompt* run by the user's installation of Claude Code. This avoids it being detected by tools that analyze code for malware
From @zacl_overflow on X
WORK IN PROGRESS:
Nuri.com - Bitcoin Wallet That Absolutely Everyone Can Use
Your Biometrics. Your Bitcoin. Your Money.
🔐 Create & recover wallet with Face-ID/Fingerprint 🚫 No seed phrases = No mistakes, no phishing, never lose Bitcoin 💳 Buy Bitcoin with Apple Pay 💸 Spend via VISA/Mastercard & ATMs ⚡ Get your name@nuri.com Lightning address 🔑 Multi-Sig, Hardware 2FA, Social Recovery & more
🏦 BE YOUR OWN BANK 100% Your Bitcoin • Unseizable Digital Property
💳 Nuri.com Bitcoin Card
🔐 Passkey - Replace all passwords with fingerprint 🪙 Hardware wallet - Ultimate cold storage 👆 Only your fingerprint unlocks it 📱 Works with any phone (NFC tap) 🔋 No charging ever 😊 Bitcoin security everyone can use!
