Hacker Slips Malicious Code Into Ethereum Dev Tool ETHcode

ETHcode is a VS Code extension that helps developers build and test Ethereum-compatible smart contracts and apps.

The suspicious code was added on June 17 by a GitHub user named Airez299, who had no earlier contributions to the project.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is FUD in Crypto? (Fear, Uncertainty & Doubt Explained)

SUBSCRIBE

ON YOUTUBE

The update included 43 separate changes and about 4,000 edited lines, which mainly described a new testing system and additional features. Inside this large batch, two lines of malicious code were hidden.

The update was reviewed by GitHub’s automated AI tool and also checked by 7finney, the team that manages ETHcode. Neither spotted the problem, and only small edits were requested before approval.

According to ReversingLabs, the harmful code was disguised in a way that made it hard to notice. The first line was placed in a file with a name almost identical to an existing one and written in a scrambled style to make it harder to read.

The second line was designed to activate the first. When triggered, it launched a PowerShell script that downloaded and ran a batch file from a public file-sharing site.

ReversingLabs noted that it was likely designed to steal cryptocurrency stored on the victim’s computer or interfere with Ethereum projects being developed using the tool.

Recently, Sentinel Labs discovered a hacking campaign linked to groups in North Korea that uses malware called NimDoor. How does the malware work? Read the full story.