A new cybersecurity report from ReversingLabs has found a complex software supply chain attack. This attack utilizes Ethereum smart contracts to hide and deliver harmful code through popular JavaScript libraries. Attackers exploited Node Package Manager (NPM) packages to embed dangerous instructions into the open-source ecosystem without detection. Details on How Ethereum Smart Contracts Were Abused in Supply Chain Attack Notably, threat actors used two malicious NPM packages that contained code to fetch instructions from Ethereum smart contracts. These smart contracts act as attackers to remotely control compromised systems without revealing their own servers. Meanwhile, this tactic marks a major step up in the exploitation of open-source software. Attackers used the decentralized and unchangeable nature of the Ethereum blockchain to conceal harmful instructions in plain sight, allowing them to avoid traditional detection methods. This technique makes it harder to find and address threats in the software supply chain. Security researchers affirmed that this is not the first time people have used blockchain tools for harmful purposes in cybersecurity. However, this incident is one of the first clear examples of how hackers used smart contracts to deliver malware through trusted open-source software channels. ReversingLabs is urging developers and organizations to pay closer attention to open-source dependencies, especially those from public repositories like NPM. To reduce the risk of hidden threats, it is important to monitor these dependencies, audit the code, and analyze metadata. Hackers Use GitHub Repositories to Target Crypto Wallets It is also worth noting that cybercriminals use GitHub to spread malware disguised as useful software. These repositories will grant users access to tools for social media automation, crypto wallet management, and gaming improvements. However, they do not perform as promised. Instead, the code installs hidden scripts that download additional malware and target crypto wallets. The attackers made these repositories look like legitimate open-source projects, tricking developers into using them. One primary concern is how attackers utilize artificial intelligence to make their fake repositories seem real. Attackers also create fake reviews and social media posts, making it even more difficult to detect scams . Ethereum is Having its Best Q3 Meanwhile, Ethereum has experienced significant growth over the last few weeks , with the coin reaching multiple highs in a short period. Its market capitalization has also crossed the $500 billion psychological mark after several years of having only Bitcoin at this level. Judging by this outlook, it is safe to say that Ethereum is having its best year ever, more specifically, its best Q3 yet. For the longest time, the ETH price struggled to stay above $3,000, keeping its investors in the red for quite a while. However, it recently kick-started a recovery, taking the broader crypto market by surprise. The second-largest cryptocurrency by market capitalization began its positive momentum by first breaking through the $3,000 level. In no time, it skyrocketed to $4,000 level . At press time, the altcoin was trading at $4,412.70, corresponding with a 1.34% rally within the last 24 hours. Its market cap was at $532.13 billion. The post Hackers Taps Ethereum Smart Contracts in Software Supply Chain Attack appeared first on TheCoinrise.com .
