Recommended

#BTCCOGWEEK: Celebrate the Classics of Meme Coins
Crypto Deposit Make instant crypto transfers to your futures account
USDT-M Perpetual Futures Trade futures contracts settled in USDT
VIP Fee Discounts Enjoy different fee discounts based on your VIP level
Coin-M Perpetual Futures Trade futures contracts settled in cryptocurrency
Fiat Deposit Buy your favourite coins in seconds
Affiliates Invite friends & get rewarded
Convert Covert your crypto instantly
Support Centre Find our FAQs here
Announcements Find all our official announcements
BTCC Academy Learn about blockchain and crypto
News The latest trends in the crypto market

Promotions

Referral
Campaigns
Assets
Crypto Deposit
Fiat Deposit
Convert
Transfer
Withdraw
My vouchers
Fund history
Dashboard
Account Security
Identity verification
API Management
Transaction Report
Log out
Register
BTCC / BTCC Square / CoingabbarEN /
Emerging Threat: npm Packages Weaponize Ethereum Blockchain in Sophisticated Malware Campaign

Emerging Threat: npm Packages Weaponize Ethereum Blockchain in Sophisticated Malware Campaign

Author:
CoingabbarEN
Published:
2025-09-04 08:31:00
14
2

Open-source software supply chains face a dangerous new frontier as attackers embed malicious payloads within seemingly legitimate npm packages—using Ethereum's decentralized architecture as their camouflage.

The Stealth Infrastructure

Researchers uncovered multiple packages leveraging blockchain transactions to dynamically update command-and-control servers. Instead of hardcoding endpoints, malware retrieves fresh IP addresses from predetermined Ethereum wallet transactions—making detection and blacklisting nearly impossible through conventional means.

Supply Chain Under Siege

These packages masquerade as crypto utilities and development tools, specifically targeting Web3 developers. Once installed, they establish persistent access while maintaining appearances through normal blockchain interactions. The attack demonstrates frightening sophistication in bypassing traditional security protocols.

Security teams scramble to identify contaminated dependencies while developers face heightened scrutiny of their toolchains. Meanwhile, Ethereum keeps processing transactions—because apparently even cybersecurity threats need decentralized infrastructure these days. Just another day where innovation outpaces protection, and someone's probably trading this news as a bullish signal right now.

In a stunning development, cybersecurity researchers have unveiled a new malware distribution technique targeting the nom ecosystem. Two malicious packages, uploaded to npm in July, have been found using the ethereum blockchain. These... Read More

|Square

Get the BTCC app to start your crypto journey

Download on the App Store GEI IT ON Google Play

Get started today Scan to join our 100M+ users

Exchange for a better future

Products
Services
Guides
About Us
Terms & Agreement
Customer Service
Social Media

Risk warning: Digital asset trading is an emerging industry with bright prospects, but it also comes with huge risks as it is a new market. The risk is especially high in leveraged trading since leverage magnifies profits and amplifies risks at the same time. Please make sure you have a thorough understanding of the industry, the leveraged trading models, and the rules of trading before opening a position. Additionally, we strongly recommend that you identify your risk tolerance and only accept the risks you are willing to take. All trading involves risks, so you must be cautious when entering the market.

The world’s longest-running cryptocurrency exchange since 2011 © 2011 - 2025 BTCC.com. All rights reserved