Researchers have discovered malicious packages in NPM that accessed the Ethereum blockchain to covertly download malicious code onto users' devices.
Cybersecurity specialists have identified a new method used by attackers to bypass protection systems—they use Ethereum smart contracts to hide malicious commands and links.
What Happened
ReversingLabs reported on two packages in the Node Package Manager (NPM) repository—colortoolsv2 and mimelib2. They were published in July and contained a hidden mechanism for downloading malicious software.
At first glance, the packages appeared to be ordinary tools for working with JavaScript. In reality, they accessed the Ethereum blockchain to obtain command-and-control server addresses, which allowed them to download the second stage of the malicious code.
Why It's Dangerous
Traffic to the blockchain appears legitimate, making it significantly more difficult to detect the attack. Instead of directly placing malicious links in the code, the attackers "embedded" them in smart contracts. This allows them to bypass security checks that scan open repositories.
According to ReversingLabs researcher Lucija Valentić, this approach has not been seen before. It demonstrates how quickly hackers are improving their methods of evading detection.
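Because the links live in a smart contract rather than in the package, a review step has to key on behavior instead of on URLs. The following is an added example, not ReversingLabs' tooling or code from the packages: a heuristic that flags an npm package whose source reads from Ethereum without declaring any blockchain purpose, and holds it when that is combined with download or process-execution capability. The rule ids, verdict names and sample packages are constructed assumptions.

```javascript
// Added example. Rule ids, verdict names and SAMPLES are constructed for illustration.
const RULES = [
  { id: "eth-library", re: /require\(\s*["'](ethers|web3)["']\s*\)|from\s+["'](ethers|web3)["']/ },
  { id: "eth-rpc-call", re: /\beth_call\b|\bJsonRpcProvider\b/ },
  { id: "contract-address", re: /\b0x[0-9a-fA-F]{40}\b/ },
  { id: "remote-fetch", re: /\bfetch\s*\(|\bhttps?\.get\s*\(/ },
  { id: "process-exec", re: /require\(\s*["'](node:)?child_process["']\s*\)|\beval\s*\(/ },
];
const CHAIN = ["eth-library", "eth-rpc-call", "contract-address"];
const STAGE = ["remote-fetch", "process-exec"];

// pkg = { manifest: parsed package.json, files: { path: source text } }
function scanPackage(pkg) {
  const { description = "", keywords = [] } = pkg.manifest;
  // Does the package say it has anything to do with a blockchain?
  const declaresChain = /ethereum|blockchain|web3|smart.contract/i.test(
    [description, ...keywords].join(" "));
  const hits = new Set();
  for (const source of Object.values(pkg.files)) {
    for (const rule of RULES) if (rule.re.test(source)) hits.add(rule.id);
  }
  const chain = CHAIN.some((id) => hits.has(id));
  const stage = STAGE.some((id) => hits.has(id));
  // No URL has to appear in the source: an undeclared chain read is already
  // worth a look, and one combined with download or exec capability is held.
  let verdict = "ok";
  if (chain && (stage || !declaresChain)) verdict = "review";
  if (chain && stage && !declaresChain) verdict = "block";
  return { hits: [...hits], verdict };
}

const SAMPLES = {
  utility: {
    manifest: { name: "example-color-helpers", description: "Color conversion helpers" },
    files: { "index.js": [
      'const { ethers } = require("ethers");',
      'const cp = require("child_process");',
      'const CONTRACT = "0x' + "0".repeat(40) + '"; // placeholder address',
    ].join("\n") },
  },
  wallet: {
    manifest: { name: "example-wallet-kit", description: "Ethereum wallet helpers" },
    files: { "index.js": 'const { ethers } = require("ethers");\nnew ethers.JsonRpcProvider(url);' },
  },
  plain: {
    manifest: { name: "example-left-pad", keywords: ["string"] },
    files: { "index.js": "module.exports = (s, n) => String(s).padStart(n);" },
  },
};
for (const [name, pkg] of Object.entries(SAMPLES)) console.log(name, scanPackage(pkg));
```

String matching like this is easy to evade with obfuscation, so it belongs in front of a sandboxed install or manual review, not in place of one.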
Social Engineering and a Broader Campaign
The use of malicious packages was only part of a larger fraudulent operation. The hackers created fake GitHub repositories that mimicked serious crypto trading projects. To appear credible, they added fake commits, created multiple "developer" accounts, and prepared documentation to a professional standard.
Not Just Ethereum
Similar attacks have also affected other blockchains. In April, a fake "Solana trading bot" repository was identified, distributing malware to steal crypto wallets. There have also been cases of compromised libraries for working with Bitcoin.
2024 has already seen over two dozen attacks on open-source code repositories related to cryptocurrencies. Recent cases show that attackers are combining the technical innovations of blockchain with sophisticated social engineering. This creates new challenges for both developers and security systems.