NPM supply chain attack uses Ethereum blockchain
Briefly

The 'jest-fet-mock' package, posing as a trusted JavaScript utility, uses Ethereum smart contracts for command-and-control (C2) operations, marking an unprecedented fusion of blockchain technology with supply chain attacks.
The malware exploits the trust developers place in legitimate packages through typosquatting: its name mimics popular JavaScript libraries to deceive developers into installing it.
Once installed, the malware runs on Windows, Linux, and macOS, executing info-stealing functionality and maintaining ongoing communication with command-and-control servers.
The research highlights a new wave of sophisticated cyber threats, where established supply chain methods meet emerging technologies like blockchain, challenging traditional security paradigms.
Read at Developer Tech News