While Ethereum (ETH) has been one of the main focuses of the cryptocurrency market lately, researchers have revealed the hidden danger in ETH. Research firm ReversingLabs said hackers have found a new way to hide malware in Ethereum smart contracts, Coindesk reported. ReversingLabs researchers have uncovered two malicious NPM packages that use Ethereum smart contracts to hide malicious code, allowing the malware to bypass traditional security checks. These are the “colortoolsv2” and “mimelib2” packages, and they were uploaded to the widely used Node Package Manager repository in July, ReversingLabs researcher Lucija Valentić noted in the report. Valentic said: “While they may seem like simple utilities at first glance, in practice they were exploiting Ethereum’s blockchain to hijack hidden URLs that directed compromised systems to download second-stage malware. By embedding these commands within a smart contract, attackers disguised their activities as legitimate blockchain traffic, making detection even more difficult. This is something we haven't seen before. What is new and different is the use of Ethereum smart contracts to host URLs containing malicious scripts and download second-stage malware.” *This is not investment advice.