Hackers Found New Way to Hide Malware in Ethereum Smart Contracts: Research

PA一线
PA一线

PANews reported on September 4th that according to research by digital asset compliance firm ReversingLabs, hackers have recently exploited Ethereum smart contracts to store malicious instructions and spread new malware through the Node Package Manager (NPM) repository. The "colortoolsv2" and "mimelib2" packages, released in July, query blockchain smart contracts to obtain the download address for the second-stage malware, evading traditional security scans.

The attack was part of a larger social engineering scam. Hackers created a fake cryptocurrency trading bot repository on GitHub and projected a trustworthy image by fabricating commit records, maintaining accounts, and providing professional documentation. Researchers noted that while the North Korean hacker group Lazarus has used similar techniques before, this is the first time they've used smart contracts to host malicious URLs, demonstrating the continued evolution of their attack strategies.

Share to:

Author: PA一线

This content is for informational purposes only and does not constitute investment advice.

Smart ContractshackerReportEthereum
Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANewsCN
Recommended Reading
YuliyaYuliya1 hour ago
Top university professors debate: Is Ethereum ready for RWA?
Foresight NewsForesight News2 hour ago
Etherealize raises $40 million in funding, Vitalik Buterin participates, and aims to be the face of Ethereum.
PA一线PA一线2025-09-05 07:26
Bitcoin mining company Cango releases Q2 financial report, with BTC mining accounting for over 98% of revenue
PA榜单PA榜单2025-09-05 04:30
PANews August 2025 columnist influence and column article popularity rankings released
PA一线PA一线2025-09-05 03:53
Ethereum spot ETFs saw a total net outflow of $167 million yesterday, marking the fourth consecutive day of net outflows.
PA一线PA一线2025-09-05 03:50
Bunni points to smart contract rounding errors as the cause of an $8.4 million flash loan exploit

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe

Curated Series

Ethereum's turbulent decade

Ethereum's turbulent decade

Ten years have passed since the creation of Ethereum. Where is the "world computer" headed? This special feature will feature selected articles reviewing Ethereum's turbulent decade of rise, challenges, and breakthroughs.

PAData: Web3 in Data

PAData: Web3 in Data

Data analysis and visual communication of industry hot spots help users understand the meaning and opportunities behind each data.

Pioneer's View: Crypto Celebrity Interviews

Pioneer's View: Crypto Celebrity Interviews

Exclusive interviews with crypto celebrities, sharing unique observations and insights

AI Agent: The Journey to Web3 Intelligence

AI Agent: The Journey to Web3 Intelligence

The AI Agen innovation wave is sweeping the world. How will it take root in Web3? Let’s embark on this intelligent journey together

Memecoin Supercycle: The hype around attention tokenization

Memecoin Supercycle: The hype around attention tokenization

From joke culture to the trillion-dollar race, Memecoin has become an integral part of the crypto market. In this Memecoin super cycle, how can we seize the opportunity?

Real-time tracking of Bybit attack

Real-time tracking of Bybit attack

Bybit suffered a security incident, and funds worth $1.44 billion were withdrawn. A North Korean hacker group was accused of being the perpetrator.

App内阅读