Hackers Use Ethereum Smart Contracts To Hide Malware Attacks

By: BitcoinEthereumNews
2025/09/04 22:33

Threat actors have found a new way to deliver malicious software, commands, and links inside Ethereum smart contracts to evade security scans as attacks using code repositories evolve. 

Cybersecurity researchers at digital asset compliance firm ReversingLabs have found new pieces of open-source malware on the Node Package Manager (NPM) package repository, a large collection of JavaScript packages and libraries.

The malware packages “employ a novel and creative technique for loading malware on compromised devices — smart contracts for the Ethereum blockchain,” ReversingLabs researcher Lucija Valentić said in a blog post on Wednesday.

The two packages, “colortoolsv2” and “mimelib2,” published in July, “abused smart contracts to conceal malicious commands that installed downloader malware on compromised systems,” explained Valentić. 

To avoid security scans, the packages functioned as simple downloaders: instead of directly hosting malicious links, they retrieved command and control server addresses from the smart contracts.

When installed, the packages would query the blockchain to fetch URLs for downloading second-stage malware, which carries the payload or action, making detection more difficult since blockchain traffic appears legitimate.
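One way to triage unpacked package sources for the behaviour described above, added here as an example (not code from ReversingLabs or from the reported packages): a package is escalated only when its files together show an Ethereum contract read, an HTTP(S) download and process execution. The indicator patterns, the function name `triagePackage` and the sample sources are assumptions constructed for illustration.

```javascript
// Added example: static triage for unpacked npm package sources.
// Flags a package only when it combines all three behaviours described above:
// an Ethereum contract read, an HTTP(S) download, and process execution.
const INDICATORS = {
  chainRead: [
    /require\(\s*['"](?:ethers|web3)['"]\s*\)/,
    /\beth_call\b/,
    /\bnew\s+(?:\w+\.)*Contract\s*\(/,
  ],
  download: [
    /\bhttps?\.(?:get|request)\s*\(/,
    /\bfetch\s*\(/,
    /require\(\s*['"](?:axios|node-fetch|got)['"]\s*\)/,
  ],
  execute: [
    /require\(\s*['"](?:node:)?child_process['"]\s*\)/,
    /\b(?:execSync|execFile|spawn)\s*\(/,
  ],
};

// files: { "relative/path.js": "source text" }
function triagePackage(files) {
  const evidence = { chainRead: [], download: [], execute: [] };
  for (const [path, source] of Object.entries(files)) {
    for (const [cls, patterns] of Object.entries(INDICATORS)) {
      if (patterns.some((re) => re.test(source))) evidence[cls].push(path);
    }
  }
  const classes = Object.keys(evidence).filter((c) => evidence[c].length > 0);
  // A wallet library reads the chain and a build tool spawns processes;
  // only the full combination is escalated for manual review.
  return { verdict: classes.length === 3 ? "review" : "pass", classes, evidence };
}

// Constructed samples (indicator lines only, not code from the reported packages).
const ZERO_ADDR = "0x" + "0".repeat(40); // placeholder contract address
const SUSPECT = {
  "index.js": `const { ethers } = require("ethers");
const c = new ethers.Contract("${ZERO_ADDR}", ABI, provider);
https.get(url, onResponse);`,
  "lib/run.js": `const cp = require("child_process");`,
};
const WALLET_LIB = { "index.js": `const Web3 = require("web3"); fetch(rpcUrl);` };
const BUILD_TOOL = { "cli.js": `require("child_process"); spawn("tsc", []);` };

console.log(triagePackage(SUSPECT).verdict);
console.log(triagePackage(WALLET_LIB).classes);
console.log(triagePackage(BUILD_TOOL).verdict);
```

Plain-text patterns like these miss obfuscated or dynamically built code, so a "pass" is not a clean bill of health; a "review" verdict is a prompt to read the listed files by hand.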

NPM packages ‘colortoolsv2’ and ‘mimelib2’ on GitHub. Source: ReversingLabs

A new attack vector 

Malware targeting Ethereum smart contracts is not new; it was used earlier this year by the North Korean-affiliated hacking collective the Lazarus Group.

“What is new and different is the use of Ethereum smart contracts to host the URLs where malicious commands are located, downloading the second-stage malware,” said Valentić, who added: 

An elaborate crypto deception campaign

The malware packages were part of a larger, elaborate social engineering and deception campaign primarily operating through GitHub. 

Threat actors created fake cryptocurrency trading bot repositories designed to look highly trustworthy through fabricated commits, fake user accounts created specifically to watch repositories, multiple maintainer accounts to simulate active development, and professional-looking project descriptions and documentation.


Threat actors are evolving 

In 2024, security researchers documented 23 crypto-related malicious campaigns on open-source repositories, but this latest attack vector “shows that attacks on repositories are evolving,” combining blockchain technology with elaborate social engineering to bypass traditional detection methods, Valentić concluded. 

These attacks are not only executed on Ethereum. In April, a fake GitHub repository posing as a Solana trading bot was used to distribute obscured malware that stole crypto wallet credentials. Hackers have also targeted “Bitcoinlib,” an open-source Python library designed to make Bitcoin development easier.


Source: https://cointelegraph.com/news/new-malware-discovered-targeting-ethereum-smart-contracts-devs?utm_source=rss_feed&utm_medium=feed%3Fsid%3D4f549ebc9188c326%26_dc%3D1756996162029%26nc%3D1756996162029&utm_campaign=rss_partner_inbound
