By storing command-and-control URLs in Ethereum smart contracts instead of in the package itself, bad actors can slip malicious npm packages past security scanners that look for hard-coded malicious links.
The following is a summary of the information that you will find on this page.
- The packages use Ethereum smart contracts to hide the URLs that serve their malicious payloads.
- Researchers suspect that it may be part of a wider campaign which mainly operates via GitHub.
ReversingLabs has flagged a new open-source malware strain deployed in the Node Package Manager (npm) repository. It uses smart contracts, obfuscated code and cryptic scripts to retrieve command-and-control URLs, which in turn deliver malicious payloads onto compromised systems.
npm’s package repository has become a popular platform for distributing JavaScript libraries, tools and other software. It has been increasingly targeted by software supply-chain attacks in recent years, as attackers have learned to trick developers into pulling malicious dependencies into their projects.
ReversingLabs discovered the new open-source malware strain hidden in two npm packages, colortoolsv2 and mimelib2. According to ReversingLabs, the packages use Ethereum smart contracts to remotely load malicious commands and install downloader malware on infected machines.
On the surface, both packages look like simple downloaders. Instead of embedding malicious links directly, they query the Ethereum blockchain at install time to fetch the URLs.
Those URLs then point to attacker-controlled servers, which deliver a second-stage payload. Payloads of this kind typically aim to steal sensitive information, download remote access software, or serve as an entry point for larger attacks.
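To make the mechanism concrete, here is an added JavaScript example; it is not code from the packages or from ReversingLabs’ report. It shows the two halves a practitioner cares about: how a loader would retrieve a URL from a contract with an eth_call JSON-RPC request and ABI-decode the string it returns, and a heuristic scan that flags the install-time hooks and chain-lookup indicators such a package leaves in its files. The contract address, function selector, RPC response and sample package are all constructed for the example.

```javascript
// Added example (not from the page's packages or ReversingLabs' report).
// Part 1: how a loader pulls a C2 URL out of a smart contract.
// Part 2: a heuristic scan for packages that do this at install time.

// Constructed placeholders: not a real contract or function selector.
// A real selector is the first 4 bytes of keccak256("getUrl()") or similar.
const CONTRACT = '0x' + '0123456789abcdef'.repeat(2) + '01234567';
const SELECTOR = '0x01234567';

// The JSON-RPC body a loader would POST to any public Ethereum node.
// eth_call runs a read-only contract function; nothing goes on-chain,
// so the lookup leaves no transaction behind and costs the attacker nothing.
function buildEthCall(contractAddress, selector) {
  return {
    jsonrpc: '2.0',
    id: 1,
    method: 'eth_call',
    params: [{ to: contractAddress, data: selector }, 'latest'],
  };
}

// ABI-encode a Solidity `string` return value: word 0 is the offset of the
// string head (always 32 here), word 1 is the byte length, then the bytes
// right-padded to a multiple of 32. Used only to build a sample response.
function encodeAbiString(s) {
  const bytes = Buffer.from(s, 'utf8');
  const word = (n) => n.toString(16).padStart(64, '0');
  const data = bytes.toString('hex').padEnd(Math.ceil(bytes.length / 32) * 64, '0');
  return '0x' + word(32) + word(bytes.length) + data;
}

// ABI-decode the `result` field of an eth_call response into the URL.
// This is what turns an innocuous-looking hex blob into the C2 address.
function decodeAbiString(returnData) {
  const hex = returnData.startsWith('0x') ? returnData.slice(2) : returnData;
  if (hex.length < 128) throw new Error('return data too short for a dynamic string');
  const offset = parseInt(hex.slice(0, 64), 16) * 2; // hex chars to the length word
  const length = parseInt(hex.slice(offset, offset + 64), 16);
  const start = offset + 64;
  if (start + length * 2 > hex.length) throw new Error('declared length exceeds return data');
  return Buffer.from(hex.slice(start, start + length * 2), 'hex').toString('utf8');
}

// Constructed RPC response carrying a constructed (reserved-TLD) URL.
const SAMPLE_RPC_RESULT = encodeAbiString('https://example.invalid/stage2');

// Part 2: indicators a reviewer can grep for. These are heuristics, not
// proof of malice: legitimate web3 tooling also matches some of them.
const INDICATORS = [
  { name: 'eth_call JSON-RPC method', re: /\beth_call\b/ },
  { name: 'Ethereum address literal', re: /0x[0-9a-fA-F]{40}\b/ },
  { name: 'dynamic code execution', re: /\b(eval|new Function|child_process|execSync)\b/ },
];

function scanPackage(pkgJson, sourceFiles) {
  const findings = [];
  // Lifecycle hooks run automatically on `npm install`; that is where a
  // downloader executes before the developer has read a line of its code.
  for (const hook of ['preinstall', 'install', 'postinstall']) {
    if (pkgJson.scripts && pkgJson.scripts[hook]) {
      findings.push(`lifecycle hook ${hook}: ${pkgJson.scripts[hook]}`);
    }
  }
  for (const [file, src] of Object.entries(sourceFiles)) {
    for (const ind of INDICATORS) {
      if (ind.re.test(src)) findings.push(`${file}: ${ind.name}`);
    }
  }
  return findings;
}

// Constructed sample package that mimics the pattern described above.
const SAMPLE_PACKAGE_JSON = {
  name: 'sample-downloader',
  version: '1.0.0',
  scripts: { postinstall: 'node loader.js' },
};
const SAMPLE_SOURCES = {
  'loader.js':
    `const req = ${JSON.stringify(buildEthCall(CONTRACT, SELECTOR))};\n` +
    '// POST req to an RPC node, decode result, then child_process.execSync(...)\n',
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log('C2 URL recovered from sample response:', decodeAbiString(SAMPLE_RPC_RESULT));
  console.log('Findings:', scanPackage(SAMPLE_PACKAGE_JSON, SAMPLE_SOURCES));
}
```

The point of the decoder is that a package reviewer who only greps for http:// or known-bad domains sees nothing: the URL exists only as the ABI-encoded return value of a contract read, fetched at install time. The scan therefore keys on the lookup itself and on the lifecycle hook that triggers it, and treats a hit as a reason to read the package, not as a verdict.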
ReversingLabs’ researchers said these packages were part of a broader campaign targeting open-source communities such as npm and GitHub. The attackers used deceptive setups and social engineering to lure developers into integrating the malicious code into real-world apps.
Supply-chain threats of this kind are not new. In a separate report published earlier this year, ReversingLabs described a trojanized npm package that silently redirected transactions from Atomic and Exodus wallets to attacker-controlled accounts.
Lazarus, the infamous North Korean hacking group, was meanwhile observed deploying malicious npm packages earlier this year.
In 2024, SlowMist revealed a scam that used a malicious Ethereum RPC to trick users of the imToken wallet.
What sets this campaign apart, ReversingLabs noted in its report, is the use of “Ethereum smart contracts to host the URLs where malicious commands are located.”
ReversingLabs urged developers to scrutinize third-party libraries from npm and other repositories before using them.
“It is critical for developers to assess each library […] and that means pulling back the covers on both open source packages and their maintainers: looking beyond raw numbers of maintainers, commits, and downloads to assess whether a given package – and the developers behind it – are what they present themselves as.”
Source: crypto.news

