Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
Ethereum smart contracts used to push malicious code on npm
Malware and Vulnerabilities
September 03, 2025
reversinglabs
A novel software supply chain attack campaign has been uncovered involving malicious npm packages—colortoolsv2 and mimelib2—that use Ethereum smart contracts to deliver second-stage malware.
Read More
Ethereum Smart Contracts
Npm
Publisher
Previous
Google patches two Android zero-days, 120 defects total ...
Malware and Vulnerabilities
Next
U.S. CISA adds WhatsApp, and TP-link flaws to its Known ...
Malware and Vulnerabilities
/https://cyware-ent.s3.amazonaws.com/public_image/cyberscoopa943467a-4818-4aee-abd1-2fb932c42bb8.png)
/https://cyware-ent.s3.amazonaws.com/public_image/securityaffairs6b1ece9e-0a9e-40a9-895a-c2aee3c7ccdd.jpeg)
