A malicious package found on the npm repository alters a locally installed legitimate package to open a reverse shell that is difficult to remove, researchers at ReversingLabs disclosed Monday.
The “ethers-provider2” package contains a downloader, which installs a script that constantly checks if the “ethers” package is installed. The ethers package is a legitimate TypeScript library for interacting with the Ethereum blockchain and has more than a million weekly downloads on npm.
If the ethers package is installed on the victim’s machine, ethers-provider2 replaces the legitimate package’s “provider-jsonrpc.js” file with a similar file that contains additional malicious code.
This added code includes a modified ssh client similar to that from the legitimate “ssh2” package but that allows for the opening of a reverse shell when receiving a custom message from the attacker’s server.
Once the malicious file is installed within the local ethers package, the reverse shell and malware cannot be removed by uninstalling the original ethers-provider2 package. This is due to the malware payload existing as a “patch” to the ethers package, aiding the threat actor in establishing persistence on the victim’s machine, according to ReversingLabs.
Uninstalling ethers also does not guarantee that the threat is removed — if the ethers-provider2 script is still running, ethers will be “patched” again with the malicious file when it is reinstalled. Remediating the infection would require complete removal of both the ethers-provider2 payloads and the poisoned ethers file.
The malicious ethers-provider2 package was reported to npm by ReversingLabs and was removed from the repository as of Monday afternoon. The package was installed about 73 times prior to its removal and was originally published on March 15, 2025.
ReversingLabs also discovered a similar malicious package called “ethers-providerz” that appeared to be removed by its creators. This package worked similarly to ethers-provider2, and an earlier version attempted to “patch” files from the locally installed legitimate “@ethersproject/providers” package but contained errors preventing it from working as intended.
Additional removed packages “reproduction-hardhat” and “@theoretical123/providers” were also identified as possibly coming from the same threat actor.
The researchers noted that the legitimate ethers package in the npm repository was not compromised by the threat actors and is safe to install; the malicious packages only affect ethers files that are already locally installed.
ReversingLabs provided a YARA rule that can be used to detect whether a locally installed ethers package has been “patched” by ethers-provider2.
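A defender-side complement to such a rule, added here as an example and not ReversingLabs’ code or their YARA rule: hash every file of the installed package right after a trusted install, then diff later to surface a replaced file (the provider-jsonrpc.js path under lib.commonjs/providers is an assumption about the ethers layout) or any file a persistence script drops. The scenario below runs offline against a constructed node_modules tree.

```python
"""Baseline-and-diff integrity check for an installed npm package directory."""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file path (relative to root, POSIX form) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def diff_manifest(baseline, current):
    """Compare two manifests; a same-named file with new contents is 'modified'."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def save_baseline(pkg_dir, manifest_path):
    """Record the manifest; take it from a clean install, not a possibly patched one."""
    Path(manifest_path).write_text(json.dumps(hash_tree(pkg_dir), indent=2))


def check_against_baseline(pkg_dir, manifest_path):
    """Re-hash the installed package and report drift from the saved manifest."""
    return diff_manifest(json.loads(Path(manifest_path).read_text()), hash_tree(pkg_dir))


def demo():
    """Constructed scenario: a fake node_modules/ethers tree gets one file replaced."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "node_modules" / "ethers"
        providers = pkg / "lib.commonjs" / "providers"  # assumed ethers layout
        providers.mkdir(parents=True)
        (pkg / "package.json").write_text('{"name": "ethers"}')
        target = providers / "provider-jsonrpc.js"
        target.write_text("// original provider code (constructed)\n")
        manifest = Path(tmp) / "ethers.baseline.json"
        save_baseline(pkg, manifest)  # taken right after the trusted install
        # Simulate the in-place "patch": same filename, different contents, plus a dropped file.
        target.write_text("// original provider code (constructed)\n// appended code\n")
        (pkg / "extra.js").write_text("// dropped file (constructed)\n")
        return check_against_baseline(pkg, manifest)
```

Because a running persistence script can re-patch the package after a reinstall, the baseline must come from an install made in a clean environment, and a non-empty diff is a signal to inspect, not proof of infection.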
Instances of malware in open-source repositories like npm and PyPI decreased in 2024, according to ReversingLabs’ 2025 Software Supply Chain Security Report, although the company noted in its blog post that the downward trend does not appear to be continuing in 2025.
Additionally, the researchers said ethers-provider2’s unique tactics show how threat actors are finding new ways to hide their malicious payloads and establish persistence.