reversinglabs

ChainCatcher news, according to researchers from ReversingLabs, the NPM packages "colortoolsv 2" and "mimelib 2" released in July utilize Ethereum smart contracts to hide malicious URLs, avoiding security scans. These packages operate as downloaders, retrieving command and control server addresses from the smart contracts, and then downloading second-stage malware, making blockchain traffic appear legitimate, thereby increasing detection difficulty.The research indicates that this is the first time Ethereum smart contracts have been found to host malicious command URLs, demonstrating that attackers' strategies to evade detection in open-source repositories are rapidly evolving.

ChainCatcher news, according to Cointelegraph, based on research by the digital asset compliance company ReversingLabs, hackers have recently utilized Ethereum smart contracts to store malicious instructions and spread new types of malware through the Node Package Manager (NPM) software package repository.The "colortoolsv2" and "mimelib2" packages released in July obtain the download addresses for the second stage of malicious software by querying blockchain smart contracts, evading traditional security scans. This attack is part of a large social engineering scam, where hackers create fake cryptocurrency trading bot repositories on GitHub, establishing a credible image through forged commit records, maintaining accounts, and professional documentation.Researchers point out that while the North Korean hacker group Lazarus has used similar techniques, the use of smart contracts to host malicious URLs is a first discovery, indicating that attack strategies continue to evolve.