Hackers create novel way to hide malicious code in blockchains



Cybercriminals have discovered a new way to spread malware to unsuspecting users, this time by manipulating BNB Smart Chain (BSC) smart contracts to hide malware and disseminate malicious code.

A breakdown of the technique known as “EtherHiding” was shared by security researchers at Guardio Labs in an Oct. 15 report, explaining that the attack involves compromising WordPress websites by injecting code that retrieves partial payloads from the blockchain contracts.

The attackers hide the payloads in BSC smart contracts, which essentially serve as anonymous, free hosting platforms for them.

The hackers can update the code and change the attack methods at will. The most recent attacks have come in the form of fake browser updates, where victims are prompted to update their browsers using a fake landing page and link.


The payload contains JavaScript that fetches additional code from the attacker’s domains. This eventually leads to full site defacement with fake browser update notices that distribute malware.

This approach allows the threat actors to modify the attack chain by simply swapping out malicious code with each new blockchain transaction. This makes it challenging to mitigate, according to Nati Tal, head of cybersecurity at Guardio Labs, and fellow security researcher Oleg Zaytsev.

Once the infected smart contracts are deployed, they operate autonomously. All Binance can do is rely on its developer community to flag malicious code in contracts upon discovery.

Contract address flagged for scam activity. Source: Guard.io

Guardio stated that website owners using WordPress, which runs roughly 43% of all websites, need to be extra vigilant with their own security practices before adding:

“WordPress sites are so vulnerable and frequently compromised, as they serve as primary gateways for these threats to reach a vast pool of victims.”


The firm concluded that Web3 and blockchain bring new possibilities for malicious campaigns to operate unchecked. “Adaptive defenses are needed to counter these emerging threats,” it said.
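As an added example (not from the original article or Guardio's report), here is one heuristic a site owner could run over rendered pages to spot the kind of injected script described above: a script that both reads data from a blockchain contract and executes strings as code. The indicator patterns, including the `eth_call` JSON-RPC method name and the `bsc-dataseed` host fragment, are assumptions of this sketch, and the sample pages are constructed.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators (assumptions of this example, not taken from the Guardio report).
CHAIN_ACCESS = {
    "json_rpc_call": re.compile(r"\beth_call\b"),
    "contract_address": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "bsc_rpc_host": re.compile(r"bsc-dataseed", re.I),
}
DYNAMIC_EXEC = {
    "eval": re.compile(r"\beval\s*\("),
    "function_ctor": re.compile(r"\bnew\s+Function\s*\("),
    "base64_decode": re.compile(r"\batob\s*\("),
}

class ScriptCollector(HTMLParser):
    """Collects the src URL and inline body of every <script> element."""
    def __init__(self):
        super().__init__()
        self.scripts, self._in_script = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append(dict(attrs).get("src") or "")
    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += "\n" + data
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

def scan_html(html):
    """Return one finding per script that both reads chain data and executes strings."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for index, text in enumerate(collector.scripts):
        chain = sorted(n for n, rx in CHAIN_ACCESS.items() if rx.search(text))
        execs = sorted(n for n, rx in DYNAMIC_EXEC.items() if rx.search(text))
        if chain and execs:  # either signal alone is common on benign sites
            findings.append({"script": index, "chain": chain, "exec": execs})
    return findings

# Constructed, non-functional samples (placeholder host and all-zero address).
BENIGN = '<script>var donate="0x' + "0" * 40 + '";show(donate);</script>'
INJECTED = ('<p>hi</p><script src="/wp-includes/js/jquery.js"></script><script>'
            'var rpc="https://bsc-dataseed.example.invalid",m="eth_call",'
            'to="0x' + "0" * 40 + '";/* response handling omitted */'
            'eval(atob(resp));</script>')
```

A hit is a prompt to review the script by hand, since legitimate Web3 front ends can match the same patterns.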
