Cybersecurity researchers have identified a malicious npm package, ethereumvulncontracthandler, that poses as a tool for detecting vulnerabilities in Ethereum smart contracts but secretly deploys Quasar RAT, an open-source remote access trojan. Published on December 18, 2024, and downloaded 66 times, the package uses obfuscation techniques and sandbox evasion to execute PowerShell commands, modify the Windows Registry, and connect to a command-and-control server for further instructions. The discovery coincides with a study revealing a surge in fake GitHub stars used to boost the credibility of malware-laced repositories, a finding that underscores that star counts are an unreliable metric for evaluating repository quality.