Hackers are using Ethereum smart contracts to hide malware in npm packages, making it difficult to detect and remove. ReversingLabs found two malicious packages that accessed a contract on Ethereum to download additional malware, part of a larger campaign discovered in 2024. Steps to protect against these attacks include preventing lifecycle scripts during installation and CI, and blocking outbound traffic to known malicious hosts. The use of on-chain storage for malware poses a new challenge for defenders.
Leave a Reply