• Crypto Market
  • Crypto List
  • Converter
The cryptonews hub
  • Currency Prices
  • Top Gainers
  • Top Losers
  • Trending News
  • Crypto News
    • Bitcoin
    • Ethereum
    • NFT
    • Tech
  • Blockchain
  • Market
  • Crypto Events
Reading: Ethereum smart contracts quietly push javascript malware targeting developers
Share
The cryptonews hubThe cryptonews hub
Font ResizerAa
  • Trending News
  • Crypto News
  • Blockchain
  • Market
  • Crypto Events
  • Trending News
  • Crypto News
    • Bitcoin
    • NFT
    • Ethereum
    • Tech
  • Blockchain
  • Market
  • Quick Links
    • Crypto Converter
    • Crypto List
    • Crypto Market
    • Currency Prices
    • Crypto Events
    • Exchange
    • Top Gainers
    • Top Losers
Follow US

© 2026 The Crypto News Hub. Powered by Pantrade Blockchain

The cryptonews hub > Blog > Trending News > Ethereum smart contracts quietly push javascript malware targeting developers
Trending News

Ethereum smart contracts quietly push javascript malware targeting developers

Crypto Team
Last updated: September 4, 2025 6:44 pm
Crypto Team
Published: September 4, 2025
Share
wp header logo 380 Ethereum smart contracts quietly push javascript malware targeting developers

Hackers are using Ethereum smart contracts to conceal malware payloads inside seemingly benign npm packages, a tactic that turns the blockchain into a resilient command channel and complicates takedowns.

The packages surfaced in July and were removed after disclosure. ReversingLabs traced their promotion to a network of GitHub repositories that posed as trading bots, including solana-trading-bot-v2, with fake stars, inflated commit histories, and sock-puppet maintainers, a social layer that steered developers toward the malicious dependency chain.

- Advertisement -

The on-chain command channel echoes a broader campaign that researchers tracked in late 2024 across hundreds of npm typosquats. In that wave, packages executed install or preinstall scripts that queried an Ethereum contract, retrieved a base URL, and then downloaded OS-specific payloads named node-win.exe, node-linux, or node-macos.

ReversingLabs frames the 2025 packages as a continuation in technique rather than scale, with the twist that the smart contract hosts the URL for the next stage, not the payload.

The GitHub distribution work, including bogus stargazers and chore commits, aims to pass casual due diligence and leverage automated dependency updates within clones of the fake repos.

The design resembles earlier use of third-party platforms for indirection, for example GitHub Gist or cloud storage, but on-chain storage adds immutability, public readability, and a neutral venue that defenders cannot easily take offline.

Per ReversingLabs, Concrete IOCs from these reports include the Ethereum contracts 0x1f117a1b07c108eae05a5bccbe86922d66227e2b linked to the July packages and the 2024 contract 0xa1b40044EBc2794f207D45143Bd82a1B86156c6b, wallet 0x52221c293a21D8CA7AFD01Ac6bFAC7175D590A84, host patterns 45.125.67.172 and 193.233.201.21 with port 1337 or 3001, and platform payload names noted above.

Hashes for the 2025 second stage include 021d0eef8f457eb2a9f9fb2260dd2e391f009a21, and for the 2024 wave, Checkmarx lists Windows, Linux, and macOS SHA-256 values. ReversingLabs also published SHA-1s for each malicious npm version, which helps teams scan artifact stores for past exposure.

For defense, the immediate control is to prevent lifecycle scripts from running during install and CI. npm documents the --ignore-scripts flag for npm ci and npm install, and teams can set it globally in .npmrc, then selectively allow necessary builds with a separate step.

The Node.js security best practices page advises the same approach, together with pinning versions via lockfiles and stricter review of maintainers and metadata.

The packages are gone, the pattern remains, and on-chain indirection now sits alongside typosquats and bogus repos as a repeatable way to reach developer machines.

source

Critics argue Stripe’s blockchain ambitions clashes with crypto decentralization
Why Standard Chartered now sees Ethereum hitting $25,000 within 30 months
Hacker in SEC X Account Breach Faces $50K Fine in Plea Deal
Can Solana’s $11.6B staking reboot pull liquidity from Ethereum’s L2s?
Why is everything dumping? Mixed treasury auction results point to risk-off
Share This Article
Facebook Email Copy Link Print
Share
Previous Article wp header logo 379 Bitcoin Market Base Turns Neutral-Bearish As Flows Stay Weak Bitcoin Market Base Turns Neutral-Bearish As Flows Stay Weak
Next Article wp header logo 381 AlphaTON Capital anchors crypto treasury around Toncoin AlphaTON Capital anchors crypto treasury around Toncoin
Leave a Comment

Leave a Reply Cancel reply

You must be logged in to post a comment.

Follow US

Find US on Socials
FacebookLike
XFollow
InstagramFollow
Trending News
19 KinetFlow Launch Boosts Conflux Cross-Chain Capabilities
KinetFlow Launch Boosts Conflux Cross-Chain Capabilities
wp header logo 1923 How M2 money supply and the dollar REALLY move Bitcoin price – The truth influencers aren’t telling you
How M2 money supply and the dollar REALLY move Bitcoin price – The truth influencers aren’t telling you
wp header logo 1922 This $4.3M crypto home invasion shows how a single data leak can put anyone’s wallet — and safety — at risk
This $4.3M crypto home invasion shows how a single data leak can put anyone’s wallet — and safety — at risk
wp header logo 1918 Japan’s 20% crypto tax sets a new bar in Asia, pressuring Singapore and Hong Kong as retail costs fall
Japan’s 20% crypto tax sets a new bar in Asia, pressuring Singapore and Hong Kong as retail costs fall
wp header logo 1916 Did you know Bitcoin can stay alive without the internet?
Did you know Bitcoin can stay alive without the internet?
The cryptonews hub

The Cryptonews Hub brings breaking news on Bitcoin, Ethereum, Ripple, NFTs, DeFi, and blockchain. Get real-time prices, expert analysis, and earn free Bitcoin. Follow for top crypto updates!

Top Insight

Snoop Dogg NFT Collection Sells Out in 30 Minutes
December 31, 2025
Ethereum Quietly Sets Record Smart Contract Deployments
December 31, 2025

Top Categories

  • Trending News
  • Crypto News
  • Bitcoin
  • Ethereum
  • NFT
  • Tech
  • Blockchain
  • Market

Quick Links

  • Crypto Market
  • Crypto List
  • Converter
  • Currency Price
  • Crypto Events
  • Top Exchanges
  • Top Gainers
  • Top Losers

© 2026 The Crypto News Hub. Powered by Pantrade Blockchain

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?