Bitget App
Trade smarter
Open
HomepageSign up
Bitget>
News>
Hackers exploit Ethereum contracts to hide malware in npm packages

Hackers exploit Ethereum contracts to hide malware in npm packages

Portalcripto2025/09/04 17:40
By: by Editor
ETH-0.24%
  • Malware uses Ethereum contracts for hidden commands
  • Malicious npm packages exploit open source libraries
  • Fake campaign includes cryptocurrency trading bots

Um report A recent report from security firm ReversingLabs revealed that hackers are using Ethereum smart contracts as part of a new technique to hide malware in npm packages. This approach was identified in two packages published in July, called "colortoolsv2" and "mimelib2," which extracted command and control instructions directly from on-chain contracts.

According to researcher Lucija Valentic, the packets executed obfuscated scripts that queried Ethereum contracts to locate the payload for the next stage of the infection. This method replaces the traditional practice of inserting links directly into the code, making it more difficult for library maintainers to detect and remove the malware. "This is something we've never seen before," Valentic said, highlighting the sophistication of the technique and the speed with which threat actors adapt their strategies.

In addition to using smart contracts, the attackers created fake GitHub repositories with cryptocurrency themes, such as trading bots, that displayed artificially inflated activity. Fake stars, automated commits, and fictitious maintainer profiles were used to trick developers into trusting the packages and including them in their projects.

Although the identified packages have already been removed after a report, ReversingLabs warned that the incident is part of a larger campaign aimed at compromising the npm and GitHub ecosystems. Among the fake repositories was "solana-trading-bot-v2," which featured thousands of shallow commits to gain credibility while inserting malicious dependencies.

Valentic explained that the investigation revealed evidence of a broader, coordinated effort aimed at infiltrating malicious code into libraries widely used by developers. "These recent attacks by threat actors, including the creation of sophisticated attacks using blockchain and GitHub, show that repository attacks are evolving," he emphasized.

The company had also identified previous campaigns that abused developers' trust in open-source packages. This latest campaign, however, demonstrates how blockchain technology is being creatively incorporated into malware schemes, increasing the complexity of security in the cryptocurrency-related application and project development ecosystem.

Tags: Ethereum hackers
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
PoolX: Earn new token airdrops
Lock your assets and earn 10%+ APR
Lock now!

You may also like

Academic faction makes a comeback, small-town professor Waller becomes the hottest candidate for Federal Reserve Chair

Stablecoins, RWA, and on-chain payments are experiencing a rare period of policy alignment.

Chaincatcher2025/09/14 10:17

Trending news

More
1
Academic faction makes a comeback, small-town professor Waller becomes the hottest candidate for Federal Reserve Chair
2
Top Meme Coins to Buy Today 5 Picks Targeting +200% Market Moves

Crypto prices

More
Bitcoin
Bitcoin
BTC
$116,093.73
+0.09%
Ethereum
Ethereum
ETH
$4,665.91
-1.13%
XRP
XRP
XRP
$3.09
-2.33%
Tether USDt
Tether USDt
USDT
$1
-0.03%
Solana
Solana
SOL
$247.67
+2.18%
BNB
BNB
BNB
$937.19
-0.31%
USDC
USDC
USDC
$0.9996
-0.02%
Dogecoin
Dogecoin
DOGE
$0.2896
-1.54%
TRON
TRON
TRX
$0.3507
-0.66%
Cardano
Cardano
ADA
$0.9160
-2.77%
How to sell PI
Bitget lists PI – Buy or sell PI quickly on Bitget!
Trade now
Become a trader now?A welcome pack worth 6200 USDT for new users!
Sign up now
Trade smarter