Hackers Have Found Newer Ways To Inject Malware in Ethereum Smart Contracts 


Hackers have developed a new technique to hide malicious software within Ethereum smart contracts, allowing them to bypass traditional security scans. 

This new method was uncovered by researchers at ReversingLabs, who discovered two malicious packages, “colortoolsv2” and “mimelib2,” on the Node Package Manager (NPM) repository.

Instead of directly embedding malicious links, these packages use a novel approach.


They are designed to query the Ethereum blockchain to retrieve the addresses of command and control servers. This makes it much harder for security systems to detect the threat, as the packages simply appear to be performing legitimate blockchain transactions. 

Once they fetch the malicious URLs, they download a second-stage malware payload onto the compromised device.
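For reviewers triaging a dependency, the chain described above (a blockchain read, then a download, then execution) can be looked for statically. The following is an added example, not code from ReversingLabs or from the reported packages; the regex patterns, verdict names and sample sources are constructed assumptions, and the contract method `getString` is hypothetical.

```javascript
// Added example: heuristic triage for packages that resolve a download URL
// from an Ethereum contract read. Patterns and verdict names are assumptions.
const SIGNALS = {
  chainRead: [
    /\brequire\(\s*['"](ethers|web3)['"]\s*\)/,
    /\bfrom\s+['"](ethers|web3)['"]/,
    /\beth_call\b/,
    /\bnew\s+(ethers\.)?Contract\s*\(/,
    /\b0x[0-9a-fA-F]{40}\b/, // hard-coded contract or account address
  ],
  remoteFetch: [/\bhttps?\.(get|request)\s*\(/, /\bfetch\s*\(/, /\baxios\b/],
  execution: [/\bchild_process\b/, /\b(exec|execSync|spawn|execFile)\s*\(/, /\beval\s*\(/],
};

// Signal categories present in one source file.
function signalsIn(text) {
  return Object.keys(SIGNALS).filter((k) => SIGNALS[k].some((re) => re.test(text)));
}

// Assess a package given as { relativePath: sourceText }.
function assessPackage(files) {
  const perFile = {};
  const seen = new Set();
  for (const [path, text] of Object.entries(files)) {
    const hits = signalsIn(text);
    if (hits.length > 0) perFile[path] = hits;
    hits.forEach((h) => seen.add(h));
  }
  let verdict = "no-chain-signal";
  if (seen.has("chainRead")) {
    // A chain read alone is a note; each extra stage raises the priority.
    const others = ["remoteFetch", "execution"].filter((k) => seen.has(k)).length;
    verdict = ["note", "review", "escalate"][others];
  }
  return { verdict, perFile };
}

// Constructed, deliberately non-functional sample sources (not from the reported packages).
const SAMPLES = {
  chainLoader: { "index.js": [
    'const { ethers } = require("ethers");',
    'const c = new ethers.Contract("0x0000000000000000000000000000000000000000", ABI, provider);',
    'c.getString().then((u) => https.get(u, save));',
    'require("child_process").exec(savedPath);' ].join("\n") },
  rpcClient: { "rpc.js": 'fetch(RPC_URL, { method: "POST", body: JSON.stringify({ method: "eth_call" }) });' },
  colorUtil: { "index.js": 'module.exports.hex = (n) => "#" + n.toString(16).padStart(6, "0");' },
};

for (const [name, files] of Object.entries(SAMPLES)) {
  console.log(name, assessPackage(files).verdict);
}
```

A legitimate Ethereum client will also score "review", so the verdict is a prioritisation aid: the combination matters most when the package's stated purpose has nothing to do with a blockchain.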

A New Attack Vector

While malware targeting crypto users isn’t new, the use of smart contracts to conceal these malicious commands is an evolving strategy. 

According to ReversingLabs researcher Lucija Valentić, this technique demonstrates how quickly threat actors are adapting their methods to evade detection.

A Broader Deception Campaign

This recent discovery is part of a larger social engineering effort. 

The malicious packages were linked to an elaborate campaign on GitHub where hackers created fake cryptocurrency trading bot repositories. 

These repositories were designed to appear legitimate with fabricated commits, fake user accounts, and professional-looking documentation to trick developers into trusting the code.

This new attack vector highlights how hackers are combining different technologies, like blockchain and social engineering, to create more sophisticated threats. 

Similar campaigns have been seen on other blockchains, with fake Solana trading bot repositories being used to steal wallet credentials and attacks targeting the open-source Bitcoinlib library.

The discovery of this new technique underscores the need for developers and security professionals to remain vigilant as attackers continue to find new ways to exploit open-source repositories.

Disclaimer: Coin Medium is not responsible for any losses or damages resulting from reliance on any content, products, or services mentioned in our articles or content belonging to the Coin Medium brand, including but not limited to its social media, newsletters, or posts related to Coin Medium team members.

The Idea Weaver
I am a crypto and DeFi educator on the crypto yacht where I sail towards one destination: to build a place where people will not only understand crypto but love it. I enjoy covering jargon-packed crypto guides but without the jargon. Yes, you read that right. When I am not writing, I am probably finding the next crypto farming project to dive into.
