Ethereum Smart Contracts Conceal Malware in npm Packages

This article was prepared with the assistance of AI tools and reviewed by our editorial team. It is provided for informational purposes and may not reflect all details of the original reporting.

Hackers are exploiting Ethereum smart contracts to hide malware in seemingly harmless npm packages, using the blockchain as a resilient command channel. Because the contract itself cannot be taken down, this tactic complicates takedowns and leaves fewer static indicators for code reviews to catch. The method represents an evolution in software supply chain attacks targeting developers.

  • Attackers use Ethereum smart contracts as immutable command channels, fetching malware URLs instead of hardcoding them in packages
  • Fake GitHub repositories with inflated stars and commit histories serve as social engineering layers to distribute malicious dependencies
  • Defense requires blocking install scripts, monitoring ethers.js calls to getString(), and implementing network controls for identified IOC addresses
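As an added example (not from the article or from any project it mentions), here is a small Python audit helper that applies the two detection points above to an unpacked npm package: it flags lifecycle install hooks in package.json and ethers.js getString() usage in the package's JavaScript files. The regexes, the file mapping and the sample package are all constructed here for illustration.

```python
import json
import re

# Heuristic indicators drawn from the reported tradecraft: an npm lifecycle
# script that talks to an Ethereum contract through ethers.js to read a string.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")
ETHERS_IMPORT = re.compile(r"""(require\(\s*['"]ethers['"]\s*\)|from\s+['"]ethers['"])""")
CONTRACT_CALL = re.compile(r"new\s+(?:ethers\.)?Contract\s*\(")
GET_STRING = re.compile(r"\.getString\s*\(")

def scan_package(files):
    """Return a list of findings for an unpacked npm package.

    `files` maps relative paths to file contents (constructed in memory here;
    in a real audit it would be read from the extracted tarball).
    """
    findings = []
    manifest = json.loads(files.get("package.json", "{}"))
    scripts = manifest.get("scripts", {})
    hooked = [h for h in LIFECYCLE_HOOKS if h in scripts]
    if hooked:
        findings.append("lifecycle install scripts present: " + ", ".join(hooked))
    for path, src in files.items():
        if not path.endswith((".js", ".cjs", ".mjs")):
            continue
        hits = []
        if ETHERS_IMPORT.search(src):
            hits.append("imports ethers")
        if CONTRACT_CALL.search(src):
            hits.append("instantiates a Contract")
        if GET_STRING.search(src):
            hits.append("calls getString()")
        if hits:
            findings.append(f"{path}: " + ", ".join(hits))
    return findings

def risk_level(findings):
    """Escalate to 'high' only when an install hook and a getString() read coexist."""
    has_hook = any(f.startswith("lifecycle") for f in findings)
    has_read = any("getString()" in f for f in findings)
    return "high" if has_hook and has_read else ("medium" if findings else "low")

# Constructed sample package (hypothetical name and contents, not a real package).
SAMPLE = {
    "package.json": json.dumps({"name": "example-pkg", "scripts": {"postinstall": "node setup.js"}}),
    "setup.js": 'const { ethers } = require("ethers");\n'
                'const c = new ethers.Contract(ADDR, ABI, provider);\n'
                'c.getString().then(console.log);',
    "index.js": "module.exports = () => 42;",
}
```

For the blocking control in the last bullet, npm's `ignore-scripts` configuration setting disables lifecycle scripts at install time.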