• About Us
  • Careers
  • Contact
No Result
View All Result
Thursday, September 25, 2025
DeFi Planet
  • News
    • People
    • Business
    • Crime
    • Regulation
    • Crypto
    • CBDC
  • Market Analysis
    • Bitcoin
    • Ethereum
    • Stablecoins
    • Altcoins
    • Crypto ETFs
    • Memecoins
  • Policy
  • Articles
    • Press Releases
    • Opinion
    • Explainers
    • Guest Post
    • Sponsored
  • Directory
    • Companies
    • People
    • Products
    • Wallets
  • Multimedia
    • Videos
    • Podcasts
  • Learn
    • DeFi Basics
    • Tutorials
    • Reviews
    • Blockchain Fundamentals
  • Research
    • Case Studies
  • Explore
    • DeFi
    • Crypto Gaming
    • NFT
    • DAO
    • Metaverse
    • Glossary
  • Jobs
  • Markets Pro
    • DeFi Planet Pro
    • Spend Crypto
    • Swap Crypto
    • Coin Prices
    • Crypto Exchanges
    • Crypto Analyzer
  • News
    • People
    • Business
    • Crime
    • Regulation
    • Crypto
    • CBDC
  • Market Analysis
    • Bitcoin
    • Ethereum
    • Stablecoins
    • Altcoins
    • Crypto ETFs
    • Memecoins
  • Policy
  • Articles
    • Press Releases
    • Opinion
    • Explainers
    • Guest Post
    • Sponsored
  • Directory
    • Companies
    • People
    • Products
    • Wallets
  • Multimedia
    • Videos
    • Podcasts
  • Learn
    • DeFi Basics
    • Tutorials
    • Reviews
    • Blockchain Fundamentals
  • Research
    • Case Studies
  • Explore
    • DeFi
    • Crypto Gaming
    • NFT
    • DAO
    • Metaverse
    • Glossary
  • Jobs
  • Markets Pro
    • DeFi Planet Pro
    • Spend Crypto
    • Swap Crypto
    • Coin Prices
    • Crypto Exchanges
    • Crypto Analyzer
No Result
View All Result
DeFi Planet
No Result
View All Result

Hackers Hide Malware in Ethereum Smart Contracts to Evade Detection

4 September 2025
in Crime
Reading Time: 3 mins read
107 2
Home News Crime

Contents

Toggle
  • Quick Breakdown 
  • Threat actors exploit blockchain to conceal malicious commands in open-source packages
  • Smart Contracts Used as Malware Hosts
  • A New Twist on Old Attacks
  • Social Engineering Behind the Scenes
  • A Growing Trend of Crypto-Focused Malware

Quick Breakdown 

  • Hackers are embedding malware commands in Ethereum smart contracts to bypass scans.
  • Malicious NPM packages, colortoolsv2 and mimelib2, retrieved C2 servers from the blockchain.
  • Campaigns used fake GitHub repositories to trick developers into downloading infected code.

Threat actors exploit blockchain to conceal malicious commands in open-source packages

Cybercriminals are adopting a new method of delivering malware by embedding malicious commands inside Ethereum smart contracts, making detection significantly harder for security systems.

Source: ReversingLabs

Researchers at ReversingLabs, a digital asset compliance firm, revealed that attackers have uploaded malicious packages to the Node Package Manager (NPM) repository, one of the largest hubs for JavaScript libraries.

Smart Contracts Used as Malware Hosts

According to ReversingLabs researcher Lucija Valentić, the malware packages “colortoolsv2” and “mimelib2” were published in July and disguised as legitimate tools. Instead of directly linking to malicious domains, the code fetched command-and-control (C2) addresses from Ethereum smart contracts, bypassing routine security scans.

Once installed, the packages queried the blockchain to retrieve download links for second-stage malware, which carried out the actual malicious activity. Since blockchain traffic typically appears legitimate, this tactic makes detection more complex.

A New Twist on Old Attacks

While the use of smart contracts in malware is not new, the North Korean Lazarus Group used a similar approach earlier this year, the latest method is distinct. Instead of merely hiding malware within contracts, attackers are now embedding the very URLs for payload delivery inside Ethereum’s decentralized infrastructure.

Social Engineering Behind the Scenes

The malicious packages were part of a larger deception campaign targeting developers through GitHub repositories. Threat actors built fake cryptocurrency trading bot projects complete with fabricated commits, multiple fake maintainers, and polished documentation to establish credibility.

These repositories lured unsuspecting developers into downloading the infected packages, further spreading the malware.

A Growing Trend of Crypto-Focused Malware

Security experts documented 23 crypto-related malware campaigns on open-source repositories in 2024. This latest incident underscores how attackers are merging blockchain technology with social engineering to bypass traditional security tools.

The threat is not limited to Ethereum. In April, a fake GitHub repository mimicking a Solana trading bot delivered credential-stealing malware, while another campaign targeted Bitcoinlib, a popular open-source Python library.

If you would like to read more articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.

Take control of your crypto  portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”

Don't miss out!

Subscribe To Our Newsletter

Receive top education news, lesson ideas, teaching tips and more!
Invalid email address
Give it a try. You can unsubscribe at any time.
Thanks for subscribing!
Share64Tweet40Share11
Previous Post

Crypto VC Activity Sees Mixed Signals in August 2025

Next Post

Etherealize Secures $40M to Boost Ethereum’s Wall Street Push as Institutions Add $1.26B in ETH

Favour Okosodo

Favour Okosodo

Experienced web content writer with a strong command of SEO, specializing in creating concise, engaging content that drives traffic and enhances conversions across diverse industries.

Related Posts

source: coingape.com
Crime

UXLINK Advances Token Migration Amid Security Breach and Exchange Coordination.

25 September 2025
source: protos.com
Crime

UXLINK Advances Token Migration After Security Breach

24 September 2025
source: decrypt.co
Crime

UXLINK to Launch Token Swap After $11.3M Exploit and Ongoing Unauthorized Minting

23 September 2025
source: ts2.tech
Crime

South Korea Flags Record Suspicious Crypto Transactions in 2025

22 September 2025

Editors Picks

Mining vs. Staking: Which Crypto Validation Method Will Shape the Future?

Mining vs. Staking: Which Crypto Validation Method Will Shape the Future?

byOlajumoke Oyaleke
15 July 2025
0

Where Are the Ethereum-Killers Now?

Where Are the Ethereum-Killers Now?

byOlayinka Sodiqand1 others
6 January 2025
0

source: investorplace.com

How to Find the Newest Cryptocurrencies Before They’re Listed

byOlayinka Sodiq
30 December 2024
0

Exploring the Role of AI in Enhancing DeFi Security

Exploring the Role of AI in Enhancing DeFi Security

byOlayinka Sodiq
1 October 2024
0

The Ultimate Guide to How NFT Royalties Work

The Ultimate Guide to How NFT Royalties Work

byAdedamola Ojedokun
17 April 2024
0

Read More

Chain of Thoughts

Zero-Knowledge Everything: Trust, Privacy, and Verification in the Digital Age

Zero-Knowledge Everything: Trust, Privacy, and Verification in the Digital Age

byOlu Omoyele
30 August 2025
0

...

What Happens When AI Gets a Wallet?

What Happens When AI Gets a Wallet?

byOlu Omoyele
31 July 2025
0

...

The Game-changing Triumvirate: Blockchain, Data Science, and Artificial Intelligence

The Game-changing Triumvirate: Blockchain, Data Science, and Artificial Intelligence

byOlu Omoyele
30 June 2025
0

...

Are Stablecoins Bank Deposits?

Are Stablecoins Bank Deposits?

byOlu Omoyele
31 May 2025
0

...

Markets Update

Network Tokens on the Edge: Commodities vs Securities and the SEC’s Next Big Move

10 hours ago

Tether Eyes $20B Fundraise at $500B Valuation

1 day ago

Do Tokenized Stocks Confuse Investors? Risks You Should Know

5 days ago

Can Europe’s Stablecoin Ambitions Withstand Pressure From the US and China?

6 days ago

Your Weekend Crypto Roundup | September 2025 (Week 3)

6 days ago

Crypto, Privacy, and Judicial Authority in the United States

1 week ago
Read More

Events

Korea Blockchain Week 2025
Korea Blockchain Week 2025
22 Sep 25
Seoul
Blockchain Life 2025
Blockchain Life 2025
28 Oct 25

Spotlight

All about Ethereum
All about Algorand
All about Bitcoin
All about Gora

Press Releases

KuCoin Appeals FINTRAC Decision, Reaffirms Commitment to Compliance

bychainwire
25 September 2025
0

Phemex Revamps Blog to Deliver Deeper Insights and Enhanced Reader Experience

bychainwire
25 September 2025
0

T-REX Launches Intelligence Layer to Fix Web3’s Value Distribution Problem

bychainwire
25 September 2025
0

MNT’s Bybit Era: One All-Powerful Asset Across Two Ecosystems

bychainwire
24 September 2025
0

BTCC Exchange Partners with NBA All-Star Jaren Jackson Jr. to Inspire Smarter Moves in Sports and Crypto

bychainwire
24 September 2025
0

Read More

ADVERTISING

ABOUT

TEAM

CAREERS

CONTACT

TERMS & CONDITIONS

PRIVACY POLICY

© Copyright 2025 DeFi Planet

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Please enter and activate your license key for Cryptocurrency Widgets PRO plugin for unrestricted and full access of all premium features.

Add New Playlist

No Result
View All Result
  • News
    • People
    • Business
    • Crime
    • Regulation
    • Crypto
    • CBDC
  • Market Analysis
    • Bitcoin
    • Ethereum
    • Stablecoins
    • Altcoins
    • Crypto ETFs
    • Memecoins
  • Policy
  • Articles
    • Press Releases
    • Opinion
    • Explainers
    • Guest Post
    • Sponsored
  • Directory
    • Companies
    • People
    • Products
    • Wallets
  • Multimedia
    • Videos
    • Podcasts
  • Learn
    • DeFi Basics
    • Tutorials
    • Reviews
    • Blockchain Fundamentals
  • Research
    • Case Studies
  • Explore
    • DeFi
    • Crypto Gaming
    • NFT
    • DAO
    • Metaverse
    • Glossary
  • Jobs
  • Markets Pro
    • DeFi Planet Pro
    • Spend Crypto
    • Swap Crypto
    • Coin Prices
    • Crypto Exchanges
    • Crypto Analyzer

© Copyright 2024 DeFi Planet   |   Terms & Conditions   |   Privacy Policy

-
00:00
00:00

Queue

Update Required Flash plugin
-
00:00
00:00