Npm Supply Chain Attack Uses Ethereum Blockchain

By switzerlandersing On Sep 13, 2025

LottieFiles Hit In Npm Supply Chain Attack Targeting Users' Crypto

LottieFiles Hit In Npm Supply Chain Attack Targeting Users' Crypto Attackers behind a recent supply chain attack that involved rogue github repositories and npm packages used smart contracts on the ethereum blockchain to deliver malware payloads. Checkmarx researchers have detected a unique supply chain attack within the npm ecosystem that uses the ethereum blockchain. the malicious package, dubbed “jest fet mock,” targets developers with a multi platform malware employing ethereum smart contracts for command and control (c2) operations.

NPM Account Takeover Results In Crypto Supply Chain Attack

NPM Account Takeover Results In Crypto Supply Chain Attack Cryptocurrencies massive supply chain attack targets cryptocurrencies through npm a recent phishing attack managed to gain access to a stunning ecosystem of software. Ethereum, solana wallets targeted in massive 'npm' attack but just 5 cents taken the credential stealer harvested username, password, and 2fa codes before sending them to a remote host. with full. Recently, we uncovered a unique supply chain attack through the npm package “ jest fet mock, ” which implements a different approach using ethereum smart contracts for command and control operations. the package masquerades as a popular testing utility while distributing malware across windows, linux, and macos platforms. Hackers injected malware into npm packages targeting ethereum and solana wallets, but the attack only netted $50 in stolen crypto.

Npm Supply Chain Attack Targeting Germany-Based Companies

Npm Supply Chain Attack Targeting Germany-Based Companies Recently, we uncovered a unique supply chain attack through the npm package “ jest fet mock, ” which implements a different approach using ethereum smart contracts for command and control operations. the package masquerades as a popular testing utility while distributing malware across windows, linux, and macos platforms. Hackers injected malware into npm packages targeting ethereum and solana wallets, but the attack only netted $50 in stolen crypto. "the use of blockchain technology for c2 infrastructure represents a different approach to supply chain attacks in the npm ecosystem, making the attack infrastructure more resilient to takedown attempts while complicating detection efforts," gelb said. The discovery of this blockchain based malware campaign demonstrates the evolving sophistication of supply chain attacks in the npm ecosystem. threat actors are now leveraging smart contracts for command and control, making traditional security measures ineffective. Security researchers at socket have uncovered a sophisticated supply chain attack targeting ethereum developers through the npm package registry. the campaign involved 20 malicious packages masquerading as the popular hardhat development framework, accumulating over 1,000 downloads before detection. A sophisticated npm supply chain attack compromised popular packages, injecting malware that hijacks web3 wallets and drains cryptocurrency.

'Protestware' Npm Package Dependency Labelled Supply-chain Attack - ITnews

'Protestware' Npm Package Dependency Labelled Supply-chain Attack - ITnews "the use of blockchain technology for c2 infrastructure represents a different approach to supply chain attacks in the npm ecosystem, making the attack infrastructure more resilient to takedown attempts while complicating detection efforts," gelb said. The discovery of this blockchain based malware campaign demonstrates the evolving sophistication of supply chain attacks in the npm ecosystem. threat actors are now leveraging smart contracts for command and control, making traditional security measures ineffective. Security researchers at socket have uncovered a sophisticated supply chain attack targeting ethereum developers through the npm package registry. the campaign involved 20 malicious packages masquerading as the popular hardhat development framework, accumulating over 1,000 downloads before detection. A sophisticated npm supply chain attack compromised popular packages, injecting malware that hijacks web3 wallets and drains cryptocurrency.