Hackers Hide Malware Using Ethereum Smart Contracts in NPM Packages

New research reveals hackers are leveraging blockchain technology to deliver malware disguised as legitimate code. This tactic has been found by cybersecurity firm ReversingLabs, who discovered two malicious NPM packages used to distribute harmful software via Ethereum smart contracts. These packages masked their malicious intent behind the guise of standard blockchain interactions, allowing them to bypass traditional security checks and deploy second-stage payloads. This approach reflects a growing trend in malware distribution where attackers are exploiting open-source repositories for their malicious activities.