Two npm packages, colortoolsv2 and mimelib2, were found using a novel technique: instead of carrying the malicious install commands in the package itself, they retrieve them from Ethereum smart contracts, which then lead to the installation of downloader malware. The packages belong to a larger campaign targeting both npm and GitHub, in which the attackers built convincing GitHub repositories with faked popularity metrics (stars, forks, commit activity) to draw developers in. The campaign concentrated on cryptocurrency-related projects and used the blockchain as a lookup mechanism to evade detection, since a read from a public contract does not look like a connection to a conventional command-and-control host. The incident shows how the tactics used to compromise open-source repositories keep evolving, and why developers need to assess third-party packages carefully, including their install-time scripts, before adopting them. Author: AlienVault
Related Tags:
mimelib2
colortoolsv2
ethereum
T1195.001
T1102.003
T1059.007
T1588.002
T1204.002
T1059.001
Associated Indicators:
021D0EEF8F457EB2A9F9FB2260DD2E391F009A21
BDA31E9022F5994385C26BD8A451ACF0CD0B36DA
1BB7B23F45ED80BCE33A6B6E6BC4F99750D5A34B
678C20775FF86B014AE8D9869CE5C41EE06B6215
C5488B605CF3E9E9EF35DA407EA848CF0326FDEA
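The following script is an added example, not code from the page or from the campaign's packages. It walks a node_modules tree and flags three things a practitioner would check given the indicators above: a package whose name matches the two called out on the page, any file whose SHA-1 matches one of the listed hashes, and any package that runs a script at install time (the npm lifecycle hooks) whose JavaScript references Ethereum JSON-RPC client strings. The marker strings (`eth_call`, `ethers`, `web3`, `JsonRpcProvider`) are a heuristic chosen for this example, not indicators from the page, and the sample tree it builds is constructed here for demonstration.

```python
"""Scan an npm node_modules tree for the indicators on this page (added example)."""
import hashlib
import json
import os
import tempfile

# SHA-1 file hashes and package names taken from the indicator/tag lists above.
IOC_SHA1 = {
    "021D0EEF8F457EB2A9F9FB2260DD2E391F009A21",
    "BDA31E9022F5994385C26BD8A451ACF0CD0B36DA",
    "1BB7B23F45ED80BCE33A6B6E6BC4F99750D5A34B",
    "678C20775FF86B014AE8D9869CE5C41EE06B6215",
    "C5488B605CF3E9E9EF35DA407EA848CF0326FDEA",
}
IOC_PACKAGES = {"colortoolsv2", "mimelib2"}

# npm runs these scripts automatically during `npm install`; an install-time
# dropper has to live in one of them.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic chosen for this example (an assumption, not an indicator from the
# page): strings suggesting the code talks to an Ethereum JSON-RPC endpoint.
ETH_MARKERS = (b"eth_call", b"ethers", b"web3", b"JsonRpcProvider")


def sha1_file(path):
    """Uppercase hex SHA-1 of a file, read in chunks."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def scan_node_modules(root):
    """Return a list of findings: dicts with package, kind, detail and path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # 1. Exact-match file hashes against the page's indicators.
        for fn in files:
            path = os.path.join(dirpath, fn)
            digest = sha1_file(path)
            if digest in IOC_SHA1:
                findings.append({"package": os.path.basename(dirpath),
                                 "kind": "ioc-sha1", "detail": digest, "path": path})
        if "package.json" not in files:
            continue
        pkg_json = os.path.join(dirpath, "package.json")
        try:
            with open(pkg_json, "r", encoding="utf-8") as fh:
                meta = json.load(fh)
        except (OSError, ValueError):
            continue
        name = meta.get("name") or os.path.basename(dirpath)
        # 2. Package names the page calls out.
        if name in IOC_PACKAGES:
            findings.append({"package": name, "kind": "known-bad-name",
                             "detail": name, "path": pkg_json})
        # 3. Install-time scripts, and chain-RPC markers in the code they run.
        scripts = meta.get("scripts") or {}
        hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}
        for hook, cmd in hooks.items():
            findings.append({"package": name, "kind": "lifecycle-script",
                             "detail": f"{hook}: {cmd}", "path": pkg_json})
        if hooks:
            for fn in files:
                if not fn.endswith(".js"):
                    continue
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # first 1 MiB is enough for a dropper
                hits = [m.decode() for m in ETH_MARKERS if m in data]
                if hits:
                    findings.append({"package": name, "kind": "eth-rpc-marker",
                                     "detail": ", ".join(hits), "path": path})
    return findings


def build_sample_tree():
    """Constructed sample tree: one benign package and one shaped like the campaign's.
    The install.js below is a stand-in written for this example, not the real file."""
    root = tempfile.mkdtemp(prefix="node_modules_")
    benign = os.path.join(root, "left-pad-like")
    os.makedirs(benign)
    with open(os.path.join(benign, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "left-pad-like", "version": "1.0.0", "main": "index.js"}, fh)
    with open(os.path.join(benign, "index.js"), "w", encoding="utf-8") as fh:
        fh.write("module.exports = (s, n) => s.padStart(n);\n")
    bad = os.path.join(root, "colortoolsv2")
    os.makedirs(bad)
    with open(os.path.join(bad, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "colortoolsv2", "version": "1.0.0",
                   "scripts": {"postinstall": "node install.js"}}, fh)
    with open(os.path.join(bad, "install.js"), "w", encoding="utf-8") as fh:
        fh.write("// constructed stand-in for an install hook that reads a contract\n"
                 "const provider = new ethers.JsonRpcProvider(RPC_URL);\n")
    return root


if __name__ == "__main__":
    for f in scan_node_modules(build_sample_tree()):
        print(f"{f['kind']:17} {f['package']:15} {f['detail']}  ({f['path']})")
```

Run it against a real checkout with `scan_node_modules("./node_modules")`. A hash match is conclusive; the lifecycle-script and marker findings are leads to review by hand, since many legitimate packages run `postinstall` and crypto tooling legitimately imports ethers or web3. The combination of an install hook plus chain-RPC code in a package that has no business touching a blockchain is the pattern described above.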