Ethereum smart contracts quietly push javascript malware targeting developers

Hackers are using Ethereum smart contracts to conceal malware payloads inside seemingly benign npm packages, a tactic that turns the blockchain into a resilient command channel and complicates takedowns. ReversingLabs detailed two npm packages, colortoolsv2 and mimelib2, that read a contract on Ethereum to fetch a URL for a second-stage downloader rather than hardcoding infrastructure […]