Developer News - A sophisticated NPM supply chain attack using Ethereum smart contracts for command-and-control highlights the urgent need for developers to verify package legitimacy and strengthen security practices
https://www.developer-tech.com/news/npm-supply-chain-attack-ethereum-blockchain/
Checkmarx researchers discovered a sophisticated supply chain attack in the NPM ecosystem, where attackers used a malicious package, "jest-fet-mock," to target developers with malware that employs Ethereum smart contracts for command-and-control (C2) operations.
By typosquatting and mimicking popular packages, the attackers lured developers into installing the malware, which can steal information across Windows, Linux, and macOS systems, and maintain persistence using decentralized blockchain infrastructure—making it resilient to removal.
This incident underscores the need for developers to verify package authenticity rigorously and implement stringent security practices to protect their development environments from evolving threats.
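One concrete form of the package-verification practice the summary calls for is a pre-install check that flags dependency names sitting one or two edits away from a trusted package name, which is exactly how a typosquat such as "jest-fet-mock" is designed to slip past a reader. The script below is an added example, not code from the article or from Checkmarx; the trusted-name allowlist, the edit-distance threshold of 2 and the sample package.json are constructed for illustration.

```javascript
// Added example: flag dependency names that are near-misses of trusted package
// names (typosquat detection). Allowlist, threshold and sample data are constructed.

// Levenshtein edit distance between two strings (insert, delete, substitute).
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, i) => i);
  for (let i = 1; i <= a.length; i++) {
    const curr = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      curr[j] = Math.min(prev[j] + 1, curr[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = curr;
  }
  return prev[b.length];
}

// Constructed allowlist of package names this project is expected to depend on.
const TRUSTED = ['jest-fetch-mock', 'express', 'lodash'];

// Constructed package.json contents, as read from a repository under review.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'demo-app',
  dependencies: { 'jest-fet-mock': '^1.0.0', lodash: '^4.17.21' },
  devDependencies: { expres: '^4.0.0' },
});

// Return every dependency that is NOT on the allowlist but lies within
// maxDistance edits of an allowlisted name, together with the name it resembles.
function findTyposquats(packageJsonText, trusted, maxDistance = 2) {
  const pkg = JSON.parse(packageJsonText);
  const names = Object.keys({ ...pkg.dependencies, ...pkg.devDependencies });
  const suspicious = [];
  for (const name of names) {
    if (trusted.includes(name)) continue; // exact trusted name, nothing to flag
    for (const good of trusted) {
      const distance = levenshtein(name, good);
      if (distance <= maxDistance) {
        suspicious.push({ name, lookalike: good, distance });
        break; // one match is enough to warrant review
      }
    }
  }
  return suspicious;
}

// Stand-alone run: print the review list for the constructed manifest.
for (const hit of findTyposquats(SAMPLE_PACKAGE_JSON, TRUSTED)) {
  console.log(`REVIEW: "${hit.name}" resembles trusted "${hit.lookalike}" (distance ${hit.distance})`);
}
```

The check is deliberately cheap enough to run in CI or as a pre-install hook; a name it flags is a prompt for a human to confirm the publisher and repository before the install proceeds, not an automatic verdict.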