Acquista cryptoMercatiSpotFutures OILOILEarnCentro eventi
Altro
USD1 Genesis
The post Attackers Are Now Using Ether Smart Contracts to Mask Malware appeared on BitcoinEthereumNews.com. Ethereum has become the latest front for software supply chain attacks. Researchers at ReversingLabs earlier this week uncovered two malicious NPM packages that used Ethereum smart contracts to conceal harmful code, allowing the malware to bypass traditional security checks. NPM is a package manager for the runtime environment Node.js and is considered the world’s largest software registry, where developers can access and share code that contributes to millions of software programs. The packages, “colortoolsv2” and “mimelib2,” were uploaded to the widely used Node Package Manager repository in July. They appeared to be simple utilities at first glance, but in practice, they tapped Ethereum’s blockchain to fetch hidden URLs that directed compromised systems to download second-stage malware. By embedding these commands within a smart contract, attackers disguised their activity as legitimate blockchain traffic, making detection more difficult. “This is something we haven’t seen previously,” ReversingLabs researcher Lucija Valentić said in their report. “It highlights the fast evolution of detection evasion strategies by malicious actors who are trolling open source repositories and developers.” The technique builds on an old playbook. Past attacks have used trusted services like GitHub Gists, Google Drive, or OneDrive to host malicious links. By leveraging Ethereum smart contracts instead, attackers added a crypto-flavored twist to an already dangerous supply chain tactic. The incident is part of a broader campaign. ReversingLabs discovered the packages tied to fake GitHub repositories that posed as cryptocurrency trading bots. These repos were padded with fabricated commits, bogus user accounts, and inflated star counts to look legitimate. Developers who pulled the code risked importing malware without being aware of it. Supply chain risks in open-source crypto tooling are not new. Last year, researchers flagged more than 20 malicious campaigns targeting developers through repositories such as npm and PyPI. Many were aimed at stealing wallet… The post Attackers Are Now Using Ether Smart Contracts to Mask Malware appeared on BitcoinEthereumNews.com. Ethereum has become the latest front for software supply chain attacks. Researchers at ReversingLabs earlier this week uncovered two malicious NPM packages that used Ethereum smart contracts to conceal harmful code, allowing the malware to bypass traditional security checks. NPM is a package manager for the runtime environment Node.js and is considered the world’s largest software registry, where developers can access and share code that contributes to millions of software programs. The packages, “colortoolsv2” and “mimelib2,” were uploaded to the widely used Node Package Manager repository in July. They appeared to be simple utilities at first glance, but in practice, they tapped Ethereum’s blockchain to fetch hidden URLs that directed compromised systems to download second-stage malware. By embedding these commands within a smart contract, attackers disguised their activity as legitimate blockchain traffic, making detection more difficult. “This is something we haven’t seen previously,” ReversingLabs researcher Lucija Valentić said in their report. “It highlights the fast evolution of detection evasion strategies by malicious actors who are trolling open source repositories and developers.” The technique builds on an old playbook. Past attacks have used trusted services like GitHub Gists, Google Drive, or OneDrive to host malicious links. By leveraging Ethereum smart contracts instead, attackers added a crypto-flavored twist to an already dangerous supply chain tactic. The incident is part of a broader campaign. ReversingLabs discovered the packages tied to fake GitHub repositories that posed as cryptocurrency trading bots. These repos were padded with fabricated commits, bogus user accounts, and inflated star counts to look legitimate. Developers who pulled the code risked importing malware without being aware of it. Supply chain risks in open-source crypto tooling are not new. Last year, researchers flagged more than 20 malicious campaigns targeting developers through repositories such as npm and PyPI. Many were aimed at stealing wallet…

Attackers Are Now Using Ether Smart Contracts to Mask Malware

Autore: BitcoinEthereumNews
Fonte: BitcoinEthereumNews
2025/09/05 01:00
2 min di lettura
Threshold
T$0.006135-2.29%
Moonveil
MORE$0.00003991+5.19%
NODE
NODE$0.01208-0.41%
Smart Blockchain
SMART$0.005318+3.36%
Mask Network
MASK$0.4358-0.97%
Per feedback o dubbi su questo contenuto, contattateci all'indirizzo crypto.news@mexc.com.

Ethereum has become the latest front for software supply chain attacks.

Researchers at ReversingLabs earlier this week uncovered two malicious NPM packages that used Ethereum smart contracts to conceal harmful code, allowing the malware to bypass traditional security checks.

NPM is a package manager for the runtime environment Node.js and is considered the world’s largest software registry, where developers can access and share code that contributes to millions of software programs.

The packages, “colortoolsv2” and “mimelib2,” were uploaded to the widely used Node Package Manager repository in July. They appeared to be simple utilities at first glance, but in practice, they tapped Ethereum’s blockchain to fetch hidden URLs that directed compromised systems to download second-stage malware.

By embedding these commands within a smart contract, attackers disguised their activity as legitimate blockchain traffic, making detection more difficult.

“This is something we haven’t seen previously,” ReversingLabs researcher Lucija Valentić said in their report. “It highlights the fast evolution of detection evasion strategies by malicious actors who are trolling open source repositories and developers.”

The technique builds on an old playbook. Past attacks have used trusted services like GitHub Gists, Google Drive, or OneDrive to host malicious links. By leveraging Ethereum smart contracts instead, attackers added a crypto-flavored twist to an already dangerous supply chain tactic.

The incident is part of a broader campaign. ReversingLabs discovered the packages tied to fake GitHub repositories that posed as cryptocurrency trading bots. These repos were padded with fabricated commits, bogus user accounts, and inflated star counts to look legitimate.

Developers who pulled the code risked importing malware without being aware of it.

Supply chain risks in open-source crypto tooling are not new. Last year, researchers flagged more than 20 malicious campaigns targeting developers through repositories such as npm and PyPI.

Many were aimed at stealing wallet credentials or installing crypto miners. But the use of Ethereum smart contracts as a delivery mechanism shows adversaries are adapting quickly to blend into blockchain ecosystems.

A takeaway for developers is that popular commits or active maintainers can be faked, and even seemingly innocuous packages may carry hidden payloads.

Source: https://www.coindesk.com/markets/2025/09/04/crypto-hackers-are-now-using-ethereum-smart-contracts-to-mask-malware-payloads

Opportunità di mercato
Logo Threshold
Valore Threshold (T)
$0.006135
$0.006135$0.006135
-2.58%
USD
Grafico dei prezzi in tempo reale di Threshold (T)
Disclaimer: gli articoli ripubblicati su questo sito provengono da piattaforme pubbliche e sono forniti esclusivamente a scopo informativo. Non riflettono necessariamente le opinioni di MEXC. Tutti i diritti rimangono agli autori originali. Se ritieni che un contenuto violi i diritti di terze parti, contatta crypto.news@mexc.com per la rimozione. MEXC non fornisce alcuna garanzia in merito all'accuratezza, completezza o tempestività del contenuto e non è responsabile per eventuali azioni intraprese sulla base delle informazioni fornite. Il contenuto non costituisce consulenza finanziaria, legale o professionale di altro tipo, né deve essere considerato una raccomandazione o un'approvazione da parte di MEXC.

Potrebbe anche piacerti

Scott Bessent Urges Senate to Pass CLARITY Act Immediately

Scott Bessent Urges Senate to Pass CLARITY Act Immediately

The post Scott Bessent Urges Senate to Pass CLARITY Act Immediately appeared on BitcoinEthereumNews.com. Scott Bessent urges Senate to pass the CLARITY Act, warning
Condividi
BitcoinEthereumNews2026/04/09 21:19
Solo Bitcoin Miner Achieves Stunning Victory, Defying 1-in-100,000 Odds to Mine Full Block

Solo Bitcoin Miner Achieves Stunning Victory, Defying 1-in-100,000 Odds to Mine Full Block

BitcoinWorld Solo Bitcoin Miner Achieves Stunning Victory, Defying 1-in-100,000 Odds to Mine Full Block In a stunning demonstration of persistence and sheer luck
Condividi
bitcoinworld2026/04/09 20:50
White House called on the carpet for risky war on Pope Leo: 'This is preposterous'

White House called on the carpet for risky war on Pope Leo: 'This is preposterous'

A report that Donald Trump’s administration menaced the first American-born pope led the entire panel on MS NOW’s "Morning Joe” to wonder what they could possibly
Condividi
Rawstory2026/04/09 20:59

$30,000 in PRL + 15,000 USDT

$30,000 in PRL + 15,000 USDT$30,000 in PRL + 15,000 USDT

Deposit & trade PRL to boost your rewards!