Why Hackers May Choose Binance’s BNB Smart Chain
The new attack vector, which hides malicious code in blockchain smart contracts, is named “EtherHiding” but has nothing to do with Ethereum, according to cyber security analysts.
As reported by Cointelegraph on October 16, EtherHiding has turned out to be a new way for bad actors to hide malicious payloads with the ultimate goal of distributing malware to unsuspecting victims.
These cybercriminals prefer to use Binance's BNB Smart Chain, it is understood.
Joe Green, a security researcher at blockchain security firm CertiK, told Cointelegraph that much of this is due to the low cost of the BNB Smart Chain:
“The handling fee of BSC is much cheaper than ETH, but the network stability and speed are the same because each update of the JavaScript fee is very cheap, which means there is no financial burden.”
EtherHiding attacks begin with hackers defacing WordPress websites and inserting code that pulls partial payloads buried in Binance smart contracts. The website's front end is replaced with a fake browser update prompt, which pulls a JavaScript payload from the Binance blockchain when clicked.
The attackers frequently change their malware payloads and update the websites' domains to avoid detection. This allows them to constantly serve users new malware downloads disguised as browser updates, Green explained.
Another reason, according to security researchers at Web3 analytics firm 0xScope, may be increased security-related scrutiny on Ethereum.
“While we cannot determine the exact reasons why the EtherHiding Hacker used BNB Smart Chain for their plan, it is likely that one of them is the security-related investigation on Ethereum.”
Because of systems like Infura's IP address tracking for MetaMask transactions, hackers may face a higher chance of having their malicious code discovered when using Ethereum, the researchers said.
The 0xScope team recently tracked the flow of funds between hacker addresses on the BNB Smart Chain and Ethereum for Cointelegraph.
Key contacts are connected to NFT marketplace OpenSea users and copper protection services, the team reports.
Downloads from 18 identified hacker domains are updated daily. This complexity makes EtherHiding difficult to detect and stop, the firm concluded.