Hackers Exploit Open-Source Repos with Smart Contracts in New Blockchain Supply Chain Attacks
September 17, 2025
A new wave of blockchain security threats is emerging, leveraging the trustworthiness of open-source repositories like NPM to deliver sophisticated malware with evasion tactics.
This evolution builds on previous methods that exploited trusted cloud services, but now incorporates Ethereum smart contracts, adding a crypto-layer to supply chain attacks.
Attackers are creating fake GitHub repositories with fabricated activity, including bogus commits and inflated star counts, to make malicious packages appear legitimate and bypass security checks.
Hackers are embedding malware commands into Ethereum smart contracts, disguising them as ordinary transactions to evade detection, with some commands hidden behind URLs to download second-stage malware.
These malicious smart contracts fetch hidden URLs, allowing attackers to execute second-stage malware while appearing as routine blockchain transactions.
Researchers from ReversingLabs identified two malicious NPM packages, 'colortoolsv2' and 'mimelib2,' highlighting a significant evolution in cyberattack tactics involving blockchain.
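A defender-side triage heuristic for the pattern described above, added here as an example and not taken from ReversingLabs or the packages themselves: it flags package files that combine a blockchain read with downloading or process execution. The rule patterns, the install-hook severity bump, and both sample packages are constructed assumptions.

```javascript
// Added example: heuristic triage for dependency review, not a vendor detection rule.
const RULES = {
  chainRead: /\b(eth_call|ethers|web3)\b|new\s+(?:\w+\.)?Contract\s*\(/,
  fetches: /\bfetch\s*\(|\bhttps?\.(get|request)\s*\(|\baxios\b/,
  executes: /child_process|\b(exec|execSync|spawn|spawnSync|execFile)\s*\(/,
};
const HOOKS = ["preinstall", "install", "postinstall"];

// pkg: { manifest: parsed package.json, files: { path: source text } }
function triagePackage(pkg) {
  const scripts = pkg.manifest.scripts || {};
  const hooks = HOOKS.filter((h) => scripts[h]);
  const findings = [];
  for (const [path, src] of Object.entries(pkg.files)) {
    const hits = Object.keys(RULES).filter((name) => RULES[name].test(src));
    // A chain read alone is normal for wallet or dapp code; the combination
    // with download or process execution is what merits manual review.
    if (hits.includes("chainRead") &&
        (hits.includes("fetches") || hits.includes("executes"))) {
      findings.push({ path, hits });
    }
  }
  // Assumption of this example: code reachable from an install hook runs
  // without the developer ever importing the package, so rank it higher.
  const severity = findings.length === 0 ? "none" : hooks.length ? "high" : "review";
  return { name: pkg.manifest.name, severity, hooks, findings };
}

// Constructed samples: inert strings that are scanned, never evaluated.
const benign = {
  manifest: { name: "example-balance-reader", scripts: { test: "node test.js" } },
  files: { "index.js": 'const { ethers } = require("ethers");\n' +
    "module.exports = (provider, addr) => provider.getBalance(addr);" },
};
const suspect = {
  manifest: { name: "example-color-utils", scripts: { postinstall: "node setup.js" } },
  files: {
    "index.js": "module.exports = (hex) => hex.toLowerCase();",
    "setup.js": 'const { ethers } = require("ethers");\n' +
      'const cp = require("child_process");\n' +
      "// a value returned by a contract read decides what is fetched and run\n" +
      "const loc = await contract.getString(OWNER);\n" +
      "cp.spawn(await download(loc));",
  },
};

console.log(JSON.stringify([triagePackage(benign), triagePackage(suspect)], null, 2));
```

A hit is a prompt for manual review of the flagged file, not a verdict: obfuscated code will evade the patterns, and legitimate tooling can match them.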
Summary based on 1 source
Source

Yahoo Finance • Sep 16, 2025
Hackers Just Found A Way To Hide Malware In Ethereum Smart Contracts — And Your Crypto Wallet Could Be Next