Supply Chain Attack Using Ethereum Smart Contracts to Distribute Multi-Platform Malware
Nov. 5, 2024, 6:32 p.m.
Description
A sophisticated supply chain attack has been discovered targeting the npm ecosystem. The malicious package 'jest-fet-mock' impersonates popular testing utilities and uses Ethereum smart contracts for command-and-control (C2) operations. The malware is cross-platform, affecting Windows, Linux, and macOS, and executes during package installation via preinstall scripts. It steals information and establishes persistence on infected systems. Using blockchain technology gives the attackers a resilient C2 infrastructure that is difficult to detect and take down. This approach represents a notable shift in supply chain attack methodologies, combining blockchain with traditional attack vectors. The campaign specifically targets development environments and CI/CD pipelines, posing a significant threat to software supply chains.
Date
- Created: Nov. 5, 2024, 5:21 p.m.
- Published: Nov. 5, 2024, 5:21 p.m.
- Modified: Nov. 5, 2024, 6:32 p.m.
Indicators
- df67a118cacf68ffe5610e8acddbe38db9fb702b473c941f4ea0320943ef32ba
- 3f4445eaf22cf236b5aeff5a5c24bf6dbc4c25dc926239b8732b351b09698653
- 0801b24d2708b3f6195c8156d3661c027d678f5be064906db4fefe74e1a74b17
- 193.233.201.21
Additional Information
- Technology