The latest report from security firm ReversingLabs shows that hackers are using innovative methods to hide malicious instructions in npm packages using Ethereum smart contracts. Two malicious packages named "colortoolsv2" and "mimelib2" appeared in July this year. They obtain the next stage of attack instructions by querying Ethereum contracts instead of hardcoding directly in the code, which greatly increases the difficulty of detection and removal.
The attackers also created fake cryptocurrency-themed GitHub repositories to increase credibility by forging stars and automatically generated commit records, inducing developers to add these dependencies.
Report: Hackers use Ethereum smart contracts to hide malicious code
2025-09-04 10:32:58
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
报告:黑客利用以太坊智能合约隐藏恶意代码Next article:
American Bitcoin将比特币挖矿规模扩大至 24 EH/s,增长 2.4 倍
