Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
An ongoing campaign is targeting npm developers with hundreds of typosquatted versions of legitimate packages in an attempt to trick them into running cross-platform malware.
The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few days.
The activity was first flagged on October 31, 2024, although it's said to have been underway for at least a week prior. No fewer than 287 typosquat packages have been published to the npm package registry.
See more: https://thehackernews.com/2024/11/malware-campaign-uses-ethereum-smart.html
#cybersecurity #c2 #smartcontracts