ReversingLabs研究人员发现两个恶意npm包利用以太坊（Ethereum）智能合约隐藏并传播恶意软件。这两个名为colortoolsv2和mimelib2的软件包于2025年7月被识别，展现了开源安全攻防战中的新战术。

Security researchers found malware packages using the Ethereum blockchain to conceal malicious commands on GitHub repos.

ReversingLabs reveals hackers using Ethereum Smart contracts in NPM packages to conceal malware URLs, bypass scans, and ...

Popular npm packages debug, chalk, and others hijacked in massive supply chain attack Crims have added backdoors to at least ...

Overview Solidity leads dApp development with a strong ecosystem and massive developer supportRust, Move, and Cairo offer speed, safety, and scalability for nex ...