Cybersecurity researchers have identified two malicious packages on the npm registry that exploit Ethereum smart contracts to execute harmful actions on compromised systems. This discovery highlights the persistent efforts of cybercriminals to refine their strategies for distributing malware and evading detection.
The two malicious packages, uploaded in July 2025, are named colortoolsv2 and mimelib2. They were designed to conceal destructive commands that can install downloader malware onto compromised systems. The software supply chain security firm ReversingLabs emphasized the importance of meticulous scrutiny for developers when assessing libraries they consider for implementation.
These packages, while overtly malicious, were incorporated into seemingly credible GitHub projects, misleading unsuspecting developers into integrating them into their projects. The malicious activity is triggered when these packages are utilized in any project, causing the targeted systems to fetch and execute secondary payloads from servers controlled by the attackers.
The innovation in this malware is the utilization of Ethereum smart contracts to hide the URLs for downloading payloads, a technique reminiscent of previous operations like EtherHiding. This approach showcases the evolving tactics of threat actors as they seek new means to avoid detection.
Further investigation revealed that these packages have links to a network of fraudulent GitHub repositories claiming to offer an automated trading bot platform that utilizes real-time on-chain data. Though the GitHub account associated with these packages has since been removed, the overall issue persists, and the nature of the campaign suggests that cryptocurrency developers and users are the primary targets.
Valentić, from ReversingLabs, stressed that developers should critically evaluate libraries before integrating them into their workflows, looking beyond superficial metrics and considering the legitimacy of both the packages themselves and the developers behind them.
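One way to apply that scrutiny to the technique described above is a first-pass static check of a package's source for the combination of a contract read and a download-or-execute capability. This is an added example, not code from ReversingLabs or from the packages themselves; the rule names, verdict strings and sample sources are constructed for illustration.

```javascript
// Added example: static triage of an npm package's source before install.
// Flags the combination described above: code that reads an Ethereum
// contract AND can download or run something on the host.
// Rule names and sample inputs are constructed for illustration.
const RULES = {
  // 20-byte hex literal, the shape of an Ethereum address
  ethAddress: /\b0x[0-9a-fA-F]{40}\b/,
  // Reading contract state: JSON-RPC method name or a common client library
  chainRead: /\beth_call\b|['"](?:ethers|web3)['"]/,
  // Process execution from Node
  exec: /['"](?:node:)?child_process['"]/,
  // Outbound request primitives
  network: /['"](?:node:)?https?['"]|\bfetch\s*\(/,
};

function scanSource(text) {
  const hits = {};
  for (const [name, re] of Object.entries(RULES)) hits[name] = re.test(text);
  return hits;
}

// files: { path: sourceText }. Returns per-file hits and an overall verdict.
function triagePackage(files) {
  const perFile = {};
  const any = { ethAddress: false, chainRead: false, exec: false, network: false };
  for (const [path, text] of Object.entries(files)) {
    perFile[path] = scanSource(text);
    for (const k of Object.keys(any)) any[k] = any[k] || perFile[path][k];
  }
  const readsChain = any.ethAddress && any.chainRead;
  const canStage = any.exec || any.network;
  let verdict = "ok";
  if (readsChain && canStage) verdict = "review-before-install";
  else if (readsChain || any.exec) verdict = "note";
  return { verdict, any, perFile };
}

// Constructed, non-functional sample sources (not taken from the real packages).
const FAKE_ADDR = "0x" + "0".repeat(38) + "aa";
const SAMPLE_SUSPECT = {
  "index.js": `const cp = require('child_process');
const ADDR = '${FAKE_ADDR}';
rpc({ method: 'eth_call', params: [{ to: ADDR }] });`,
};
const SAMPLE_BENIGN = {
  "index.js": "module.exports = (hex) => hex.replace('#', '').toLowerCase();",
};

console.log(triagePackage(SAMPLE_SUSPECT).verdict);
console.log(triagePackage(SAMPLE_BENIGN).verdict);
```

A hit is a prompt to read the code by hand, not proof of malice, and obfuscated source will slip past pattern matching, so this complements rather than replaces checking the package's maintainers and history.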