April 19, 2024
Crypto Criminals Deploy 'EtherHiding' to Conceal Malicious Code in Binance Smart Contracts
Latest Cryptocurrency News

Crypto Criminals Deploy ‘EtherHiding’ to Conceal Malicious Code in Binance Smart Contracts

Security researchers have unveiled a novel cyber threat as hackers employ a method known as “EtherHiding” to obfuscate malicious code within Binance Smart Chain (BSC) smart contracts, deceiving victims with fake browser update prompts.

In a report dated October 15, Guardio Labs cybersecurity experts detailed the technique, explaining that it entails compromising WordPress websites by injecting code designed to fetch partial payloads from blockchain contracts.

The attackers cleverly conceal these payloads within BSC smart contracts, essentially transforming them into anonymous hosting platforms. The perpetrators can regularly update the code and alter their attack tactics as they see fit. Lately, their approach has involved masquerading as fake browser updates, tricking users into thinking they need to update their browsers through counterfeit landing pages and links.

The malicious payload includes JavaScript that retrieves additional code from domains controlled by the attackers. This cascade ultimately results in the complete defacement of websites, with fraudulent browser update notifications disseminating malware.

What sets “EtherHiding” apart is its adaptability, allowing threat actors to change the attack chain by substituting malicious code with each new blockchain transaction. This makes it particularly challenging to counter, as highlighted by Nati Tal, Head of Cybersecurity at Guardio Labs, and security researcher Oleg Zaytsev. Once infected smart contracts are deployed, they function independently, with Binance relying on its developer community to flag malicious code within contracts when detected.

Guardio emphasized the vulnerability of WordPress sites, which power approximately 43% of all websites, as they often serve as the primary entry points for cyber threats to target a vast pool of potential victims. The firm concluded that in the age of Web3 and blockchain technology, new opportunities for malicious campaigns to operate with impunity have emerged, necessitating adaptive defense strategies to combat these evolving threats.

Image by freepik

Related posts

Dimon Slams Crypto; JPMorgan Fined $39B, Launches Token

Anna Garcia

Binance Set to Discontinue Nigerian Naira Transactions by March 8


OKX Integrates Uniswap API for Gas-Free Trading

Robert Paul

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More