Hackers have developed a novel method to conceal malware within Ethereum smart contracts, according to research by ReversingLabs. The malicious packages "colortoolsv2" and "mimelib2," released in July, leverage smart contracts to retrieve download addresses for secondary malware, bypassing traditional security measures. This attack, part of a broader social engineering scheme, involved creating a fake cryptocurrency trading bot repository on GitHub, complete with fabricated commit records and professional documentation.
The research highlights that while the North Korean hacker group Lazarus has previously employed similar tactics, this marks the first instance of using smart contracts to host malicious URLs. This development underscores the evolving sophistication of cyber threats targeting the blockchain ecosystem.
Hackers Exploit Ethereum Smart Contracts to Spread Malware via NPM
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.