{
  "name": "Supply Chain Attack Using Ethereum Smart Contracts to Distribute Multi-Platform Malware",
  "slug": "supply-chain-attack-using-ethereum-smart-contracts-to-distribute-multi-platform-malware",
  "description": "A sophisticated supply chain attack has been discovered targeting the NPM ecosystem. The malicious package 'jest-fet-mock' impersonates popular testing utilities and uses Ethereum smart contracts for command-and-control operations. This cross-platform malware affects Windows, Linux, and macOS, executing during package installation via preinstall scripts. It performs info-stealing actions and establishes persistence across infected systems. The attack leverages blockchain technology for resilient C2 infrastructure, making it difficult to detect and take down. This approach represents a notable shift in supply chain attack methodologies, combining blockchain with traditional attack vectors. The campaign specifically targets development environments and CI/CD pipelines, posing a significant threat to software supply chains.",
  "published": "2024-11-05T16:21:38+00:00",
  "created_at": "2024-11-05T16:21:38+00:00",
  "modified_at": "2024-11-05T17:32:53+00:00",
  "created_at_opencti": "2024-11-05T16:21:38+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-11-05",
    "blockchain",
    "c2",
    "development-tools",
    "ethereum",
    "jest-fet-mock",
    "multi-platform",
    "npm",
    "smart-contract",
    "supply-chain",
    "typosquatting"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "193.233.201.21"
      },
      {
        "id": "",
        "name": "df67a118cacf68ffe5610e8acddbe38db9fb702b473c941f4ea0320943ef32ba"
      },
      {
        "id": "",
        "name": "3f4445eaf22cf236b5aeff5a5c24bf6dbc4c25dc926239b8732b351b09698653"
      },
      {
        "id": "",
        "name": "0801b24d2708b3f6195c8156d3661c027d678f5be064906db4fefe74e1a74b17"
      }
    ],
    "malware": [
      {
        "id": "d0c59241-1e00-4341-84ae-0a0900c434b7",
        "name": "jest-fet-mock",
        "slug": "jest-fet-mock"
      }
    ],
    "attack_patterns": [
      {
        "id": "890a254d-7af5-4374-84b5-ebcc4375e379",
        "name": "T1588.006"
      },
      {
        "id": "de38dd3a-41d7-4621-8a00-a32d7f0ff420",
        "name": "T1102.002"
      },
      {
        "id": "667462db-9031-48eb-893a-05d35f9330a7",
        "name": "T1056.001"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "c473a756-355a-42ad-a0df-cd3a8fa006d1",
        "name": "T1057"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "81ee4813-4f68-4984-bec1-980d7c5b56eb",
        "name": "T1132"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Technology"
      }
    ]
  },
  "external_refs": [
    "https://checkmarx.com/blog/supply-chain-attack-using-ethereum-smart-contracts-to-distribute-multi-platform-malware/",
    "https://otx.alienvault.com/pulse/672a5422e6e512ba91989393"
  ]
}