3 Shocking Ways Hackers Exploit Ethereum Smart Contracts for Malware

Ethereum Devs Targeted by Malware Hidden in Smart Contracts

Hackers are stepping up their game, and this time they’re using Ethereum smart contracts to pull off sneaky malware attacks. Researchers from ReversingLabs spotted two fake NPM packages, “colortoolsv2” and “mimelib2,” that hide malicious commands inside Ethereum smart contracts to bypass normal security scans.

Ethereum Smart Contracts Turned Into Malware Tools

Here’s the trick: once developers install these packages, the code pings the Ethereum blockchain to grab secret URLs. Those URLs then deliver second-stage malware directly onto the victim’s system. Since blockchain traffic looks legit, the attack flies under the radar, making it harder for cybersecurity tools to spot.
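The pattern described above (a package that reads from the Ethereum blockchain and also downloads and runs something) can be triaged statically before a dependency is installed. The following is an added example, not code from ReversingLabs or from the packages named in the article; the regexes, the `triagePackage` helper, and the sample package sources are all constructed assumptions.

```javascript
// Added example: all regexes and sample sources are constructed for illustration.
const SIGNALS = {
  chainRead: [
    /require\(\s*['"](ethers|web3)['"]\s*\)/, // Ethereum client library
    /\beth_call\b/,                           // raw JSON-RPC contract read
    /\b0x[0-9a-fA-F]{40}\b/,                  // hard-coded 20-byte address
  ],
  download: [/require\(\s*['"](https?|node-fetch|axios)['"]\s*\)/, /\bfetch\s*\(/],
  execute: [
    /require\(\s*['"]child_process['"]\s*\)/,
    /\b(exec|execSync|spawn)\s*\(/,
    /\beval\s*\(/,
  ],
};

// Which signal groups appear anywhere in the given source text.
function scanSource(source) {
  const hits = {};
  for (const [signal, patterns] of Object.entries(SIGNALS)) {
    hits[signal] = patterns.some((re) => re.test(source));
  }
  return hits;
}

// Chain reads alone are normal for wallet code; the combination is what stands out.
function triagePackage(pkg) {
  const hits = scanSource(Object.values(pkg.files).join('\n'));
  const scripts = pkg.manifest.scripts || {};
  // npm lifecycle scripts run automatically during `npm install`
  const installHook = ['preinstall', 'install', 'postinstall'].some((k) => k in scripts);
  let verdict = 'ok';
  if (hits.chainRead && (hits.download || hits.execute)) verdict = 'review';
  if (hits.chainRead && hits.download && hits.execute) verdict = 'block';
  return { name: pkg.manifest.name, verdict, installHook, ...hits };
}

const SAMPLES = [ // constructed packages, not the real ones named in the article
  { manifest: { name: 'constructed-color-helper', scripts: { postinstall: 'node index.js' } },
    files: { 'index.js': "const { ethers } = require('ethers');\n" +
      "const https = require('https');\nconst cp = require('child_process');\n" +
      "const CONTRACT = '0x0000000000000000000000000000000000000001';\n" } },
  { manifest: { name: 'constructed-wallet-lib' },
    files: { 'index.js': "const { ethers } = require('ethers');\n" +
      "module.exports = (rpc) => new ethers.JsonRpcProvider(rpc);\n" } },
  { manifest: { name: 'constructed-string-util' },
    files: { 'index.js': 'module.exports = (s) => s.trim();\n' } },
];

for (const pkg of SAMPLES) console.log(triagePackage(pkg));
```

String matching like this misses obfuscated code, so a clean result is inconclusive rather than a pass.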

What makes this even scarier is that hackers have been upgrading their tactics. Groups like the Lazarus Group have used ETH contracts before, but now the hidden-URL method makes attacks way more sophisticated. It’s not just random code drops, either: scammers are building fake GitHub projects with polished descriptions, multiple “maintainers,” and fake updates to look authentic.

ReversingLabs researcher Lucija Valentić explained that this is part of a growing wave of crypto-related scams targeting open-source platforms. In 2024 alone, 23 scams tied to malicious software were found across developer tools and crypto projects. From fake Solana trading bots to compromised Bitcoin libraries, hackers are targeting multiple ecosystems.

The bottom line? Even seasoned developers can get caught if they don’t double-check their sources. With hackers now weaponizing Ethereum smart contracts, open-source coding just got a lot riskier.


Sahil Poudel
