Ethereum News Today: Smart contracts become launchpad for malware attacks, triggering complex supply chain attacks

Cybersecurity researchers have discovered a novel malware propagation method that utilizes Ethereum smart contracts to hide malicious URLs in npm packages such as colortoolsv2 and mimelib2. These seemingly harmless packages will get attack payloads from on-chain sources after installation, bypassing traditional security scans. The technology takes advantage of the immutability of blockchains to create lasting and difficult to detect threats, highlighting the evolving risks in the open source software supply chain.