Cybersecurity researchers at ReversingLabs recently found that a hacker injected harmful code into ETHcode, a toolset for Ethereum
ETHcode is a VS Code extension that helps developers build and test Ethereum-compatible smart contracts and apps.
The suspicious code was added on June 17 by a GitHub user named Airez299, who had no earlier contributions to the project.
Did you know?
Subscribe – We publish new crypto explainer videos every week!
Blockchain Transaction Easily Explained! (Animated)
The update included 43 separate changes and about 4,000 edited lines, which mainly described a new testing system and additional features. Inside this large batch, two lines of malicious code were hidden.
The update was reviewed by GitHub’s automated AI tool and also checked by 7finney, the team that manages ETHcode. Neither spotted the problem, and only small edits were requested before approval.
According to ReversingLabs, the harmful code was disguised in a way that made it hard to notice. The first line was placed in a file with a name almost identical to an existing one and written in a scrambled style to make it harder to read.
The second line was designed to activate the first. When triggered, it launched a PowerShell script that downloaded and ran a batch file from a public file-sharing site.
ReversingLabs noted that it was likely designed to steal cryptocurrency stored on the victim’s computer or interfere with Ethereum projects being developed using the tool.
Recently, Sentinel Labs discovered a hacking campaign linked to groups in North Korea that uses malware called NimDoor. How does the malware work? Read the full story.
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.
With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.
Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.
Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.
