In different phrases, there isn’t a single deal with, IP, or server to dam. That stated, there are downsides to the method that aren’t talked about by Checkmarx, together with the truth that blockchain communication is sluggish, in addition to public. The blockchains can’t be edited, or blocked simply, however they are often tracked as soon as their use as a part of malware C2 has been uncovered.
Regardless of previous predictions that the method would take off, that is in all probability why utilizing blockchains for C2 stays the experimental protect of specialist malware.
Bundle confusion
Maybe the extra vital a part of the story is that the method is getting used to focus on testing instruments distributed by way of NPM, the most important open supply JavaScript registry. Concentrating on testing instruments is one other option to get contained in the privileged developer testing environments, and any deeper entry to the CI/CD pipelines that they reveal.