Malicious NPM Package Disguised as Ethereum Tool Found
/ 1 min read
🦠 Malicious npm Package Disguised as Ethereum Vulnerability Tool Discovered. Cybersecurity researchers have identified a harmful package on the npm registry, named ethereumvulncontracthandler, which pretends to be a library for detecting vulnerabilities in Ethereum smart contracts but actually installs the Quasar RAT (Remote Access Trojan) on developer systems. Published on December 18, 2024, the package has been downloaded 66 times and employs multiple layers of obfuscation to evade detection. Once installed, it retrieves a malicious script that executes PowerShell commands to deploy the RAT, allowing attackers to gain full control over infected machines. This incident highlights ongoing concerns about the security of open-source software supply chains and the potential for malware disguised as legitimate tools.
