Hackers create a new way to hide malicious code in the blockchain
Cybercriminals have found a new way to distribute malware to unsuspecting users, this time using BNB Smart Chain (BSC) smart contracts to hide malware and distribute malicious code.
A technical flaw known as “EtherHiding” security researchers at Guardio Labs shared in a report on October 15, the attack involves defacing WordPress websites by injecting code that loads partial payments from blockchain contracts.
The attackers hide payloads in BSC smart contracts, essentially acting as anonymous free hosting platforms.
Guarddio Labs has exposed “EtherHiding” – a new threat hidden in Binance's Smart Chain, a technique that evades detection, targeting compromised WordPress websites. Read about this game-changing technique! @BNBCHAIN #BNBChain #CyberSecurity https://t.co/alNI5KqKUO
— Guardio (@GuardioSecurity) October 15, 2023
The hackers can update the code and change attack methods at will. The most recent attacks have come in the form of fake browser updates, where victims are asked to update their browsers using a fake landing page and link.
The payload contains JavaScript that fetches additional code from the attacker's domains. This eventually leads to complete site defacement with fake browser update notifications that spread malware.
This approach allows threat actors to change the chain of attack by exchanging malicious code with each new blockchain transaction. This makes it challenging to mitigate, according to Nate Thal, head of cybersecurity at Guardio Labs, and security researcher Oleg Zaysev.
Once the infected smart contracts are deployed, they operate autonomously. What Binance can do is rely on its developer community to point out malicious code in contracts when found.
According to Guardio, website owners who use WordPress, which accounts for 43% of all websites, should carefully monitor their own security practices before adding:
“WordPress websites are highly vulnerable and frequently attacked, serving as the primary gateway for these threats to reach many victims.”
RELATED: Crypto Investors Are Being Attacked By New Malware, Cisco Talos Reveals
The company concluded that Web3 and blockchain bring new opportunities for malicious campaigns to operate unchecked. “Adaptive defenses are needed to counter these emerging threats,” he said.
Collect this article as an NFT to preserve this in history and show your support for free journalism in the crypto space.
Magazine: Blockchain Investigators – Matt Gox's failure saw the birth of Chinalysis
