Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar.

"The two npm packages abused smart contracts to conceal malicious commands that installed downloader malware on compromised systems," ReversingLabs researcher Lucija Valentić said in a report shared with The Hacker News.

The packages, both uploaded to npm in July 2025 and no longer available for download, are listed below -

colortoolsv2 (7 downloads)

mimelib2 (1 download)

The software supply chain security firm said the libraries are part of a larger and soph

See Full Page

Interests (0)

Settings

Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

Trump's 'pro-business, pro-innovation' agenda hailed by tech leaders at White House dinner: 'Very refreshing change'

I got this crazy cyborg keypad to improve at PC games. I still suck

12 years since Oklahoma family last had internet, Broadband Office celebrates milestone for expansion

Oops! Google's unannounced new Nest Cams spotted in Google Home app

This ‘backpack’ is unlocking how hawks see the world

Is bigger better? My hands-on reMarkable Paper Pro Move review says no

FDNY's 'keeper of the legacy,' who has kept the memory of 9/11 alive, retiring

Trump says he doesn't know 'anything' about reported North Korea SEAL Team 6 mission

Week 1 Best NFL Bets - Expert Picks and Betting Guide for Sunday Football Games (2025)

Trump signs executive order to blacklist countries that illegally detain Americans

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

'This is not a hoax': Epstein survivors speak out demanding files be released

Trump to Sign Order Renaming Defense Department to 'Department of War'

YouTube sisters share $1 meals to help families survive soaring food prices

Court Allows Florida's Alligator Alcatraz to Remain Open

Key Points from RFK Jr.'s Senate Hearing on CDC and Vaccines

2 United Airlines planes collide on runway at California airport, damaging wing of one

RFK Jr. Faces Senate Scrutiny Over Vaccine Policies

Powerball jackpot jumps to $1.7 billion after another night without a big winner

Trump's 'pro-business, pro-innovation' agenda hailed by tech leaders at White House dinner: 'Very refreshing change'

Justice Department Investigates Federal Reserve Governor Lisa Cook

Interests (0)

Settings

Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

Related News

Ethereum Smart Contracts Become Latest Hiding Spot For Malware

Crypto Hackers are Now Using Ethereum Smart Contracts to Mask Malware Payloads

Trump's 'pro-business, pro-innovation' agenda hailed by tech leaders at White House dinner: 'Very refreshing change'

I got this crazy cyborg keypad to improve at PC games. I still suck

12 years since Oklahoma family last had internet, Broadband Office celebrates milestone for expansion

Oops! Google's unannounced new Nest Cams spotted in Google Home app

This ‘backpack’ is unlocking how hawks see the world

Is bigger better? My hands-on reMarkable Paper Pro Move review says no

FDNY's 'keeper of the legacy,' who has kept the memory of 9/11 alive, retiring

Trump says he doesn't know 'anything' about reported North Korea SEAL Team 6 mission

Week 1 Best NFL Bets - Expert Picks and Betting Guide for Sunday Football Games (2025)

Trump signs executive order to blacklist countries that illegally detain Americans