BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Ethereum Smart Contracts Used to Hide Malware in npm Packages

Malicious npm Packages Used Ethereum Smart Contracts to Evade Detection and Spread Downloader Malware Targeting Developers

  • Researchers found two harmful npm packages using Ethereum smart contracts to hide malicious activity.
  • The packages installed downloader Malware and targeted developers on both npm and GitHub.
  • Attackers used reputable-looking GitHub projects to trick users into downloading the malware.
  • These actions are linked to a broader scheme known as Stargazers Ghost Network, which inflates the popularity of fake repositories.
  • Experts advise thorough vetting of libraries and maintainers before including packages in projects.

Cybersecurity researchers have identified two malicious packages posted to the npm registry in July 2025. These packages used Ethereum blockchain smart contracts to carry out hidden attacks on affected systems. The packages focused on distributing malware and were designed to avoid detection by common security tools.

- Advertisement -

According to a report by ReversingLabs researcher Lucija Valentić, the npm packages contained commands that downloaded harmful software to the victim’s system. The packages were removed from npm and were also linked to a larger campaign targeting both npm and GitHub. The attackers made related GitHub projects appear legitimate to persuade developers to use them.

“The two npm packages abused smart contracts to conceal malicious commands that installed downloader malware on compromised systems,” Valentić said in a report. The campaign employed a technique similar to EtherHiding, where Ethereum smart contracts provided URLs for downloading the malware. This method helped attackers avoid detection, as the location of malicious files was not hardcoded in the package.

Further investigation revealed that these packages were referenced in several GitHub repositories, such as “solana-trading-bot-v2,” which promised automatic trading using real-time blockchain data. The main GitHub account connected to this repository has since been removed.

Researchers suggest the campaign is part of the Stargazers Ghost Network, a distribution-as-a-service setup. This group creates fake GitHub accounts to star, fork, and commit to harmful repositories, making them look popular and trustworthy. Other repositories involved include “ethereum-mev-bot-v2,” “arbitrage-bot,” and “hyperliquid-trading-bot.”

- Advertisement -

The naming and content of these repositories show that cryptocurrency developers and users were the main targets, using tactics like social engineering to spread malware. Valentić emphasized the importance for developers to check both the open-source packages and their maintainers carefully: “It is critical for developers to assess each library they are considering implementing before deciding to include it in their development cycle.”

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Must Read

How Much Money Do You Need To Start In Crypto?

TL;DR -If you are wondering How Much Money Do You Need To Start In Crypto, note that is less than you are probably thinking....
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading