Hackers use Ethereum smart contracts to hide malware and bypass security detection

ChainCatcher news, according to researchers from ReversingLabs, the NPM packages "colortoolsv 2" and "mimelib 2" released in July utilize Ethereum smart contracts to hide malicious URLs, avoiding security scans. These packages operate as downloaders, retrieving command and control server addresses from the smart contracts, and then downloading second-stage malware, making blockchain traffic appear legitimate, thereby increasing detection difficulty.

The research indicates that this is the first time Ethereum smart contracts have been found to host malicious command URLs, demonstrating that attackers' strategies to evade detection in open-source repositories are rapidly evolving.