The existence of this malicious code was discovered last week, but it was only on Monday, November 26, that researchers were able to determine what the heavily obfuscated code actually did.
Right9ctrl had earlier released Event-Stream 3.3.6, which added a new dependency on the Flatmap-Stream library v0.1.1, where the malicious code was stored.
Users on GitHub, Hacker News and Twitter said that the malicious code lies dormant until it is used inside the source code of Copay, a desktop and mobile wallet app developed by BitPay, a Bitcoin payments platform.
Once the malicious code has been built and launched inside infected versions of the Copay wallet app, it steals users' wallet data and sends it to the copayapi.host URL on port 8080.
Experts believe that the hacker used this data to empty victims' wallets. In a blog post, the Copay team said that all versions from 5.0.1 to 5.1.0 were considered infected and advised users to update to version 5.2.0 or later.
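To check whether a project pulled in the two package versions named above, the following added example (not code from the article, Copay or npm) walks a parsed `package-lock.json` in both the nested `dependencies` layout and the flat `packages` layout. The sample lockfiles, the `example-tool` package and the `findFlagged` function name are constructed for illustration.

```javascript
// Added example: flag the package versions named in the article in a parsed lockfile.
const FLAGGED = new Map([["event-stream", "3.3.6"], ["flatmap-stream", "0.1.1"]]);

function findFlagged(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if (FLAGGED.get(name) === version) hits.push({ name, version, where });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop(); // keeps "@scope/name" intact
    if (name) check(name, meta.version, path);      // "" is the root project entry
  }
  // lockfileVersion 1: nested "dependencies" tree. Skipped when "packages"
  // exists, because v2 lockfiles carry both and would be reported twice.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      check(name, meta.version, here.join(" > "));
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not from a real project).
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "example-tool": { // hypothetical package
      version: "1.0.0",
      dependencies: {
        "event-stream": {
          version: "3.3.6",
          dependencies: { "flatmap-stream": { version: "0.1.1" } },
        },
      },
    },
  },
};
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-app" },
    "node_modules/event-stream": { version: "3.3.4" }, // constructed, not flagged
    "node_modules/example-tool/node_modules/event-stream": { version: "3.3.6" },
    "node_modules/flatmap-stream": { version: "0.1.1" },
  },
};
console.log(findFlagged(sampleV1), findFlagged(sampleV3));
```

To scan a real project, pass the result of `JSON.parse` on the contents of its `package-lock.json` to `findFlagged`; an empty array means neither flagged version is locked.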
In May this year, a hacker attempted to conceal a backdoor in another popular npm package called getcookies.