Why hackers may prefer Binance’s BNB Smart Chain

Cybersecurity analysts have revealed that despite its name, a new attack vector that hides malicious code in blockchain smart contracts has nothing to do with Ethereum at all.

As Cointelegraph reported on October 16, EtherHiding was discovered to be a new way for bad actors to hide malicious payloads in smart contracts, with the ultimate goal of distributing malware to unsuspecting victims.

It is understood that these cybercriminals often like to use Binance’s BNB Smart Chain.

Joe Green, a security researcher at blockchain security company CertiK, said in an interview with Cointelegraph that this is mainly due to the lower cost of the BNB Smart Chain.

“BSC’s handling fees are much cheaper than ETH, but the network stability and speed are the same, because each update of the JavaScript Payload is very cheap, which means there is no financial pressure.”

The EtherHiding attack is carried out by hackers who compromise WordPress websites and inject code that extracts part of the payload buried in Binance smart contracts. The website's front end is replaced with a fake browser update prompt that, when clicked, pulls a JavaScript payload from the Binance blockchain.

Attackers often change malware payloads and update website domains to evade detection. Green explains that this allows them to continuously provide users with the latest malware downloads disguised as browser updates.

Screenshot of a malware update deployed in the BSC smart contract. Source: CertiK

Security researchers at Web3 analytics firm 0xScope said another reason could be increased security-related scrutiny of Ethereum.

“While it’s unlikely we know the EtherHiding hackers’ true motivations for using the BNB Smart Chain rather than other blockchains in their scheme, one possible factor is increased security-related scrutiny of Ethereum.”

They said that hackers using Ethereum to inject malicious code may face a higher risk of detection due to systems such as Infura's IP address tracking for MetaMask transactions.

The 0xScope team told Cointelegraph that they recently tracked the flow of funds between the BNB Smart Chain and hacker addresses on Ethereum.

Key addresses are associated with users of NFT marketplace OpenSea and with Copper hosting services, the team reported.

Payloads for the 18 identified hacking domains are updated daily. This complexity makes EtherHiding difficult to detect and block, the company concluded.
