Hackers exploit Ethereum contracts to hide malware in npm packages

Bitget App

Trade smarter

Bitget

News

Portalcripto2025/09/04 17:40

By:by Editor

Malware uses Ethereum contracts for hidden commands
Malicious npm packages exploit open source libraries
Fake campaign includes cryptocurrency trading bots

Um report A recent report from security firm ReversingLabs revealed that hackers are using Ethereum smart contracts as part of a new technique to hide malware in npm packages. This approach was identified in two packages published in July, called "colortoolsv2" and "mimelib2," which extracted command and control instructions directly from on-chain contracts.

According to researcher Lucija Valentic, the packets executed obfuscated scripts that queried Ethereum contracts to locate the payload for the next stage of the infection. This method replaces the traditional practice of inserting links directly into the code, making it more difficult for library maintainers to detect and remove the malware. "This is something we've never seen before," Valentic said, highlighting the sophistication of the technique and the speed with which threat actors adapt their strategies.

In addition to using smart contracts, the attackers created fake GitHub repositories with cryptocurrency themes, such as trading bots, that displayed artificially inflated activity. Fake stars, automated commits, and fictitious maintainer profiles were used to trick developers into trusting the packages and including them in their projects.

Although the identified packages have already been removed after a report, ReversingLabs warned that the incident is part of a larger campaign aimed at compromising the npm and GitHub ecosystems. Among the fake repositories was "solana-trading-bot-v2," which featured thousands of shallow commits to gain credibility while inserting malicious dependencies.

Valentic explained that the investigation revealed evidence of a broader, coordinated effort aimed at infiltrating malicious code into libraries widely used by developers. "These recent attacks by threat actors, including the creation of sophisticated attacks using blockchain and GitHub, show that repository attacks are evolving," he emphasized.

The company had also identified previous campaigns that abused developers' trust in open-source packages. This latest campaign, however, demonstrates how blockchain technology is being creatively incorporated into malware schemes, increasing the complexity of security in the cryptocurrency-related application and project development ecosystem.

Tags: Ethereum hackers

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Earn new token airdrops

Lock your assets and earn 10%+ APR

Lock now!

The article analyzes the TGE performance of multiple blockchain projects, evaluating project performance using three dimensions: current price versus all-time high, time span, and liquidity-to-market cap ratio. Projects are then categorized into five grades: S, A, B, C, and D. Summary generated by Mars AI This summary was generated by the Mars AI model, and the accuracy and completeness of its content are still being iteratively updated.

MarsBit•2025/11/28 16:26

2025 TGE Survival Ranking: Who Will Rise to the Top and Who Will Fall? Complete Grading of 30+ New Tokens, AVICI Dominates S+

Mars Finance | "Machi" increases long positions, profits exceed 10 million dollars, whale shorts 1,000 BTC

Russian households have invested 3.7 billion rubles in cryptocurrency derivatives, mainly dominated by a few large players. INTERPOL has listed cryptocurrency fraud as a global threat. Malicious Chrome extensions are stealing Solana funds. The UK has proposed new tax regulations for DeFi. Bitcoin surpasses $91,000. Summary generated by Mars AI. The accuracy and completeness of this summary are still being iteratively updated by the Mars AI model.

MarsBit•2025/11/28 16:26