Hackers use Ethereum Smart Contracts to hide malware attacks

Threat actors have found a new way to deliver malicious software, commands, and links within Ethereum smart contracts to evade security scans as attacks using code repositories change.
Cybersecurity researchers at digital asset compliance firm ReversingLabs have found new pieces of open-source malware in the Node Package Manager (NPM) package repository, a large collection of JavaScript packages and libraries.
The malware packages “use a novel and creative method for loading malware to compromised devices – smart contracts for the Ethereum blockchain,” ReversingLabs researcher Lucija Valentić said in a blog post on Wednesday.
The two packages, “colortoolsv2” and “mimelib2,” published in July, “abused smart contracts to hide malicious commands installed by malware downloads in compromised systems,” Valentić explained.
To avoid security scans, the packages worked as simple downloaders: instead of directly hosting malicious links, they retrieved command-and-control server addresses from smart contracts.
When installed, the packages query the blockchain to get the URLs for downloading the second stage of the malware, which carries the payload or action. This makes detection more difficult because blockchain traffic appears legitimate.
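A defender-side triage heuristic for the pattern described above, written as an added example (not ReversingLabs' tooling or code from the article): it escalates a package source file only when on-chain reads, a network fetch and process execution appear together. The indicator lists, verdict names and sample snippets are assumptions constructed for illustration.

```javascript
// Added example: static triage heuristic for npm package sources.
// A file is escalated only when all three behaviours co-occur.
const INDICATORS = {
  chainRead: [
    /require\(\s*['"](ethers|web3)['"]\s*\)/,
    /from\s+['"](ethers|web3)['"]/,
    /\beth_call\b/,
    /\b0x[0-9a-fA-F]{40}\b/, // literal 20-byte address (tx hashes are longer)
  ],
  netFetch: [
    /\bhttps?\.(get|request)\s*\(/,
    /\bfetch\s*\(/,
    /['"](axios|node-fetch|got)['"]/,
  ],
  exec: [/['"](node:)?child_process['"]/],
};

function scanSource(name, text) {
  const hits = {};
  const lines = text.split("\n");
  for (const [category, patterns] of Object.entries(INDICATORS)) {
    hits[category] = [];
    lines.forEach((line, i) => {
      if (patterns.some((re) => re.test(line))) hits[category].push(i + 1);
    });
  }
  const matched = Object.keys(hits).filter((c) => hits[c].length > 0);
  let verdict = "pass";
  if (matched.length === 3) verdict = "review"; // chain read + fetch + exec
  else if (matched.length === 2 && matched.includes("chainRead")) verdict = "note";
  return { name, verdict, hits };
}

// Constructed samples (not taken from the packages named in the article).
const SAMPLE_LOADER = [
  'const { ethers } = require("ethers");',
  'const cp = require("child_process");',
  'const ADDR = "0x1111111111111111111111111111111111111111";',
  '// value read from the contract is used as a download URL',
  'https.get(url, onResponse);',
].join("\n");
const SAMPLE_WALLET = 'import { ethers } from "ethers";\nconst res = await fetch(PRICE_API);';
const SAMPLE_BUILD = 'const { execSync } = require("child_process");\nexecSync("tsc -p .");';

for (const [n, src] of [["loader", SAMPLE_LOADER], ["wallet", SAMPLE_WALLET], ["build", SAMPLE_BUILD]]) {
  console.log(n, scanSource(n, src).verdict);
}
```

Legitimate Web3 tooling will often land in "note", and regex matching is easily defeated by obfuscation, so a "pass" means no signal rather than a clean result.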
A new attack vector
Malware targeting Ethereum smart contracts is not new; it was used earlier this year by the North Korea-affiliated hacking collective the Lazarus Group.
“What is new and different is the use of Ethereum smart contracts to host URLs where malicious commands are located, which downloads the second stage of malware,” Valentić said, adding:
“That is something we have never seen before, and it highlights the rapid evolution of strategies for avoiding detection by malicious actors who have been trolling open repositories and developers.”
An elaborate campaign of crypto deception
The malware packages are part of a larger, elaborate social engineering and deception campaign operating primarily through GitHub.
The threat actors created a fake cryptocurrency trading bot repository designed to look highly trustworthy through fabricated commits, fake user accounts created specifically to watch the repositories, multiple maintainer accounts to mimic active development, and professional-looking project descriptions and documentation.
Threat actors are emerging
In 2024, security researchers documented 23 malicious crypto-related campaigns on open-source repositories, but the latest attack vector “shows that attacks on repositories are emerging,” combining blockchain technology with elaborate social engineering to bypass traditional methods, Valentić said.
These attacks are not only carried out on Ethereum. In April, a fake GitHub repository posing as a Solana trading bot was used to distribute hidden malware that stole crypto wallet credentials. Hackers have also targeted “Bitcoinlib,” an open-source Python library designed to make Bitcoin development easier.