Hackers typically target the best blockchain platforms to steal millions worth of coins, and some crypto nerds believe the best platforms are less prone to exploitation. However, that's not the case. ReversingLabs, a pioneer in cybersecurity, has revealed some shocking truths about how hackers have misused Ethereum smart contracts to hide malware activities.
Are Ethereum smart contracts under threat?
Bad actors have found a new way to embed malicious software, links, and commands inside Ethereum smart contracts! According to ReversingLabs, “two new pieces of open source malware” were found on the public npm package repository.
npm, short for Node Package Manager, is a large public library where developers share open-source JavaScript source code.
A creative technique for loading malware on Ethereum?
- Hackers published the two pieces of malware to npm back in July and disguised them as normal, open-source software.
- Typically, malware stays inside the npm package itself; however, attackers used Ethereum smart contracts to store and deliver the malware.
- Smart contracts on Ethereum do the normal blockchain tasks, but here they carry malicious instructions, payloads, or links!
Clean at first glance: The two new pieces of malware
Two new npm packages, colortoolsv2 and mimelib2, contain malicious code, according to the digital firm. The code looks normal but holds harmful features.
How does the attack work?
As mentioned, the two npm packages abused smart contracts in order to hide their true identity. Consequently, normal scanning tools could not appropriately detect the infected code.
When an npm developer installed one of the two packages, it secretly processed hidden instructions, automatically installing downloader malware on their system. Once installed, the downloader malware can potentially pull in more malicious software, giving hackers long-term control.
Malicious campaigns increasingly target npm
The leading online library for JavaScript has been hit by several malicious campaigns, according to ReversingLabs. Earlier, hackers compromised npm packages and disguised them as useful tools, only to secretly deliver malware as part of a coordinated cyber attack.
In March, the firm found two malicious packages, ethers-providerz and ethers-provider2. These packages acted as downloaders, modifying the original ethers package.
A dangerous threat in the cyber world! Hackers are exploiting Ethereum smart contracts to load malware links and code, deceiving developers through the vast npm repository. Smart contracts are designed to combat exploitation and enable trusted decentralized applications. Nevertheless, things change quickly as hackers constantly hunt for new loopholes.