The malware was only deployed in versions 5.0.2 through 5.1.0 of BitPay’s Copay and BitPay wallet apps, and could potentially be used to capture private wallet keys, which can then be used to steal funds or drain the wallets of cryptocurrency.
BitPay Stresses That Users Should Assume Private Keys Were Affected And Move Funds To New 5.2.0 Wallets
Since it doesn’t take long to steal the funds of an account, the longer users wait, the more likely it is that their private keys have been seen and used. Users should first update their wallets and then send all funds from affected wallets to brand new wallets on version 5.2.0, using the Send Max feature to send ALL FUNDS out of the affected wallet.
The supposed fake dev goes by the name Right9ctrl and took over maintenance of the NodeJS library from its author, who no longer had time for the work. The social engineering attack occurred about three months ago, when Right9ctrl was granted access to the repository; the malware was injected at that time.
This is a major reason why using 3rd party libraries isn’t a very smart thing to do. If you have to use libraries, make sure you have someone able to monitor them for these types of malicious attacks, and NEVER COPY website LIBRARY REFERENCES; use your own!
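
One way to act on the monitoring advice above, as an added example (not code from BitPay, Copay or the affected library): a Node.js script that compares two package-lock.json snapshots and lists the dependency changes a reviewer should inspect before shipping an update. The package names, versions and integrity strings are constructed, and the lockfileVersion 2/3 "packages" layout is assumed.

```javascript
// Added example: diff two npm lockfile snapshots and report changes to review.
// Assumes the lockfileVersion 2/3 layout, where "packages" maps install paths
// to { version, integrity, ... }. All sample data below is constructed.

function indexLock(lock) {
  const out = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // "" is the root project itself
    out.set(path, { version: meta.version, integrity: meta.integrity });
  }
  return out;
}

function diffLocks(oldLock, newLock) {
  const before = indexLock(oldLock);
  const after = indexLock(newLock);
  const findings = [];
  for (const [path, cur] of after) {
    const prev = before.get(path);
    if (!prev) {
      findings.push({ kind: "added", path, version: cur.version });
    } else if (prev.version !== cur.version) {
      findings.push({ kind: "version-changed", path, from: prev.version, to: cur.version });
    } else if (prev.integrity !== cur.integrity) {
      // Same version but a different content hash is not a normal update.
      findings.push({ kind: "integrity-changed", path, version: cur.version });
    }
    if (!cur.integrity) findings.push({ kind: "no-integrity", path, version: cur.version });
  }
  for (const path of before.keys()) {
    if (!after.has(path)) findings.push({ kind: "removed", path });
  }
  return findings;
}

// Constructed sample lockfiles with hypothetical package names.
const oldLock = { packages: {
  "": { name: "example-wallet", version: "1.0.0" },
  "node_modules/example-stream-lib": { version: "3.3.5", integrity: "sha512-AAAA" },
  "node_modules/example-helper": { version: "1.0.0", integrity: "sha512-BBBB" },
} };
const newLock = { packages: {
  "": { name: "example-wallet", version: "1.0.1" },
  "node_modules/example-stream-lib": { version: "3.3.6", integrity: "sha512-CCCC" },
  "node_modules/example-helper": { version: "1.0.0", integrity: "sha512-DDDD" },
  "node_modules/example-new-dep": { version: "0.1.1", integrity: "sha512-EEEE" },
} };

for (const f of diffLocks(oldLock, newLock)) console.log(JSON.stringify(f));
```

Run in CI against the lockfile from the last reviewed release, every "added" or "integrity-changed" entry becomes something a person has to look at before the build ships.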