Recent reports indicate that malicious npm packages are impersonating legitimate tools used in Ethereum development, particularly targeting developers and organizations in the Middle East. A specific package has been identified that deploys Quasar Remote Access Trojan (RAT) onto developers' machines, as noted by Socket Security. Additionally, over 1,000 downloads of a fake package masquerading as Hardhat tools have been recorded, which have been active for more than a year. This malicious software exfiltrates data using hardcoded Ethereum addresses. The EAGERBEE malware has also been upgraded, now targeting internet service providers (ISPs) and government entities in the Middle East. This variant allows for dynamic loading, unloading, or swapping of plugins in memory on demand and is linked to state-aligned groups such as Cluster Alpha and TA428.