Ethereum Smart Contracts Targeted in JavaScript Malware Campaign

A new malware campaign has reportedly exploited Ethereum smart contracts to distribute JavaScript malware, according to ReversingLabs security firm. The campaign utilizes npm packages like `colortoolsv2` and a compromised VS Code extension named Ethcode to reach vulnerable developers. While no confirmed asset losses from major exchanges or cryptocurrency wallets have been reported, the incident raises concerns about developer tool security and potential reputational damage for Ethereum. This attack highlights the evolving landscape of cyberattacks on blockchain tools, urging greater attention to safeguarding open-source platforms.