Developer News - A sophisticated NPM supply chain attack using Ethereum smart contracts for command-and-control highlights the urgent need for developers to verify package legitimacy and strengthen security practices

in blockchain •  2 months ago 

https://www.developer-tech.com/news/npm-supply-chain-attack-ethereum-blockchain/

Checkmarx researchers discovered a sophisticated supply chain attack in the NPM ecosystem, where attackers used a malicious package, "jest-fet-mock," to target developers with malware that employs Ethereum smart contracts for command-and-control (C2) operations.

By typosquatting and mimicking popular packages, the attackers lured developers into installing the malware, which can steal information across Windows, Linux, and macOS systems, and maintain persistence using decentralized blockchain infrastructure—making it resilient to removal.

This incident underscores the need for developers to verify package authenticity rigorously and implement stringent security practices to protect their development environments from evolving threats.
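
One way to act on the verification advice above, as an added example that is not from the original article or from Checkmarx: a Node.js check that flags `package.json` dependencies whose names are near-misses of an allowlist of trusted packages. The allowlist, the distance threshold, and the sample manifest are assumptions constructed for illustration; `jest-fetch-mock` is the legitimate npm package whose name `jest-fet-mock` closely resembles.

```javascript
// Assumed allowlist; in practice, use your organisation's approved dependency list.
const KNOWN_GOOD = ["jest", "jest-fetch-mock", "express"];

// Levenshtein distance with a rolling row (insert, delete, substitute each cost 1).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Fold case and separator variants so they cannot hide a look-alike name.
function normalise(name) {
  return name.toLowerCase().replace(/[._]/g, "-");
}

// Returns every dependency that is not allowlisted but sits close to an allowlisted name.
function findTyposquatSuspects(manifest, knownGood = KNOWN_GOOD, maxDistance = 2) {
  const trusted = new Set(knownGood);
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  const suspects = [];
  for (const name of Object.keys(deps)) {
    if (trusted.has(name)) continue; // exact allowlisted name, nothing to flag
    for (const good of knownGood) {
      // Heuristic: shorter names get a tighter limit to reduce false positives.
      const limit = Math.min(maxDistance, Math.floor(good.length / 4));
      const distance = editDistance(normalise(name), normalise(good));
      if (distance <= limit) suspects.push({ name, resembles: good, distance });
    }
  }
  return suspects;
}

// Constructed sample manifest (version strings are illustrative only).
const sampleManifest = {
  name: "demo-app",
  dependencies: { express: "^4.0.0" },
  devDependencies: { jest: "^29.0.0", "jest-fet-mock": "^1.0.0" },
};

console.log(findTyposquatSuspects(sampleManifest));
```

A hit is a prompt for manual review (publisher, publish date, install scripts), not proof of malice; the check only catches names close to packages you have listed.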



Upvoted! Thank you for supporting witness @jswit.