A hacker has gained (legitimate) access to a popular JavaScript library and has injected malicious code that steals Bitcoin and Bitcoin Cash funds stored inside BitPay's Copay wallet apps. The presence of this malicious code was identified last week, but only now have researchers been able to understand what the heavily obfuscated malicious code actually does.
Read the article: ZDNet