• Dapps:16.23K
  • Blockchains:78
  • Active users:66.47M
  • 30d volume:$303.26B
  • 30d transactions:$879.24M

New Threats: Hackers Use Smart Contracts to Conceal Malware

user avatar

by Giorgi Kostiuk

2 days ago

Cybercriminals are embedding malicious commands in Ethereum smart contracts, complicating detection for security systems.

Smart Contracts as Hosts for Malware

Research from ReversingLabs has revealed that attackers are uploading malicious packages to the Node Package Manager (NPM) repository, one of the largest hubs for JavaScript libraries. The packages "colortoolsv2" and "mimelib2," released in July, disguised themselves as legitimate tools and fetched command-and-control (C2) addresses from Ethereum smart contracts, bypassing standard security protocols.

A New Twist on Old Attacks

While using smart contracts for malware is not a new phenomenon, recent attacks suggest a novel approach. Instead of merely hiding malware within contracts, attackers are now embedding the very URLs for payload delivery inside Ethereum’s decentralized infrastructure.

Social Engineering in Cyber Threats

The malicious packages were part of a larger deception campaign targeting developers through GitHub repositories. Threat actors built fake cryptocurrency trading bot projects complete with fabricated commits, multiple fake maintainers, and polished documentation to establish credibility. These repositories lured unsuspecting developers into downloading the infected packages, further spreading the malware.

This incident underscores how attackers are merging blockchain technology with social engineering to bypass traditional security tools.

0

Rewards

chest
chest
chest
chest

More rewards

Discover enhanced rewards on our social media.

Other news

Launch of the First Dogecoin ETF in the US Planned for 2025

chest

The first Dogecoin ETF is anticipated to launch in the US on September 9, 2025. This could change the cryptocurrency investment landscape.

user avatarGiorgi Kostiuk

Revised Digital Asset Market Structure Act: What It Means for the Crypto Market?

chest

The updated Bill in the USA exempts staking and airdrops from securities laws, potentially increasing confidence in the crypto market.

user avatarGiorgi Kostiuk

Significant Outflows from Bitcoin and Ethereum ETFs in the U.S.: Market Implications

chest

Bitcoin and Ethereum ETFs in the U.S. face significant outflows, while BlackRock sees inflows, altering market dynamics.

user avatarGiorgi Kostiuk

Viberate Clarifies Absence of Connection to Music Documentary

chest

Viberate focuses on blockchain development in music industry and denies any links to a country music documentary.

user avatarGiorgi Kostiuk

Spell Wallet: Daily Puzzle with 1 MANA Reward on September 7, 2025

chest

On September 7, 2025, Spell Wallet users can solve puzzles to earn 1 MANA, but no significant market impact is observed.

user avatarGiorgi Kostiuk

Crypto Market: Dogecoin, SEI, and BlockDAG's Success in Presale

chest

Overview of current trends in the crypto market: Dogecoin, SEI, and BlockDAG's presale achievements.

user avatarGiorgi Kostiuk

Important disclaimer: The information presented on the Dapp.Expert portal is intended solely for informational purposes and does not constitute an investment recommendation or a guide to action in the field of cryptocurrencies. The Dapp.Expert team is not responsible for any potential losses or missed profits associated with the use of materials published on the site. Before making investment decisions in cryptocurrencies, we recommend consulting a qualified financial advisor.