Hackers are exploiting Ethereum smart contracts to inject malware into popular NPM coding libraries, using packages to run malicious commands.