
Supply Chain Attack Using Ethereum Smart Contracts to Distribute Multi-Platform Malware

Nov. 5, 2024, 6:32 p.m.

Description

A sophisticated supply chain attack has been discovered targeting the NPM ecosystem. The malicious package 'jest-fet-mock' impersonates popular testing utilities and uses Ethereum smart contracts for command-and-control operations. This cross-platform malware affects Windows, Linux, and macOS, executing during package installation via preinstall scripts. It performs info-stealing actions and establishes persistence across infected systems. The attack leverages blockchain technology for resilient C2 infrastructure, making it difficult to detect and take down. This approach represents a notable shift in supply chain attack methodologies, combining blockchain with traditional attack vectors. The campaign specifically targets development environments and CI/CD pipelines, posing a significant threat to software supply chains.

Date

Published: Nov. 5, 2024, 5:21 p.m.

Created: Nov. 5, 2024, 5:21 p.m.

Modified: Nov. 5, 2024, 6:32 p.m.

Indicators

df67a118cacf68ffe5610e8acddbe38db9fb702b473c941f4ea0320943ef32ba

3f4445eaf22cf236b5aeff5a5c24bf6dbc4c25dc926239b8732b351b09698653

0801b24d2708b3f6195c8156d3661c027d678f5be064906db4fefe74e1a74b17

193.233.201.21

Attack Patterns

jest-fet-mock

T1588.006

T1102.002

T1056.001

T1082

T1057

T1105

T1071

T1132

T1053

T1078

T1059

Additional Information

Technology