In different phrases, there isn’t any single deal with, IP, or server to dam. That stated, there are downsides to the approach that aren’t talked about by Checkmarx, together with the truth that blockchain communication is gradual, in addition to public. The blockchains can’t be edited, or blocked simply, however they are often tracked as soon as their use as a part of malware C2 has been uncovered.
Regardless of previous predictions that the approach would take off, that is most likely why utilizing blockchains for C2 stays the experimental protect of specialist malware.
Bundle confusion
Maybe the extra vital a part of the story is that the approach is getting used to focus on testing instruments distributed by way of NPM, the most important open supply JavaScript registry. Focusing on testing instruments is one other option to get contained in the privileged developer testing environments, and any deeper entry to the CI/CD pipelines that they reveal.
