Supply Chain Attack Using Ethereum Smart Contracts to Distribute Multi-Platform Malware
Nov. 5, 2024, 6:32 p.m.
Description
A sophisticated supply chain attack has been discovered targeting the npm ecosystem. The malicious package 'jest-fet-mock' impersonates popular testing utilities and uses Ethereum smart contracts for command-and-control (C2) operations. The malware is cross-platform, affecting Windows, Linux, and macOS, and executes during package installation via preinstall scripts. It performs info-stealing actions and establishes persistence on infected systems. The attack leverages blockchain technology for resilient C2 infrastructure, making it difficult to detect and take down. This approach represents a notable shift in supply chain attack methodologies, combining blockchain with traditional attack vectors. The campaign specifically targets development environments and CI/CD pipelines, posing a significant threat to software supply chains.
Date
Published: Nov. 5, 2024, 5:21 p.m.
Created: Nov. 5, 2024, 5:21 p.m.
Modified: Nov. 5, 2024, 6:32 p.m.
Indicators
df67a118cacf68ffe5610e8acddbe38db9fb702b473c941f4ea0320943ef32ba
3f4445eaf22cf236b5aeff5a5c24bf6dbc4c25dc926239b8732b351b09698653
0801b24d2708b3f6195c8156d3661c027d678f5be064906db4fefe74e1a74b17
193.233.201.21
Attack Patterns
jest-fet-mock
T1588.006
T1102.002
T1056.001
T1082
T1057
T1105
T1071
T1132
T1053
T1078
T1059
Additional Information
Technology