The Financial world is a major target for malicious activities, and among them is hacking. As blockchain technology gains recognition and as its potential is being realized, new emerging risks are on the rise, and the latest one is EtherHiding. This is a newly developed way for hackers to attack blockchain networks and conduct malicious activities.
EtherHiding is a sophisticated technique used by hackers to conceal malicious codes inside a blockchain network. One example of such a malicious act was in the Binance Smart Chain network, where the cybercriminals discovered a way of spreading malware. Unaware customers have been targeted, and cybersecurity excerpts have unmasked the cybercrime and warned on the matter.
Hackers using EtherHiding to spread malware
Cybercriminals involved in hacking have discovered a novel method of hiding malicious code in Binance Smart contracts. These hackers have found a way to manipulate Bianace Smart Chain (BSC) smart contracts and use them to hide malicious codes. They lure their victims through this hidden malware and attack unsuspecting customers.
The targets are duped into updating their browsers with fake prompts. This has also been confirmed by cybersecurity experts and researchers. According to a cybersecurity researcher in Guardio Labs, the report on 15th October explains more about the attack. They found out that hackers involve compromising WordPress websites and install malicious code that recoups partial payloads from smart contracts on the blockchain. This code is hidden in the BNB Smart Chain smart contracts. As such, they serve as anonymous free hosting platforms where their victims are lured.
Source: The Hacker News
Furthermore, the threat actors can update the code at will and change their mode of attack. The most recently unmasked strategy they employ is the fake browser update. Victims were tricked into clicking on fake landing pages, prompted by fake browser update notifications. The links are embedded with the malicious code that retrieves partial payloads.
How hackers use EtherHiding
EtherHiding is a technique that allows cyber attackers to spread malicious code across multiple nodes in a blockchain network. This is different from traditional malware attacks that rely on centralized servers. It makes EtherHiding extremely hard to detect and remove. Basically, this is due to the fact that once the code is infused into the blockchain network, it becomes part of the immutable ledger.
The payload includes a JavaScript code that retrieves additional code from the hacker’s domains. Eventually, the full site is saturated with fake browser update notifications that spread the malware. The approach is indeed sophisticated as it allows the attackers to swap out malicious code to one another at will. This allows them to modify their attack strategies and makes it a challenge to try to solve.
The hackers employ strategies like steganography that hides information inside digital files. It can be through the update notifications. Another way is through obfuscation, and this is when a code is intentionally modified to make it difficult to analyze.
Nati Tal, the lead of cybersecurity at Guardio Labs, and her partner researcher Ogeg Zaytsev confirm that the EtherHiding malicious attacks can be a challenge to mitigate. When the smart contracts are infected, the cybercriminals operate anonymously, and this makes it hard to flag the hackers. B
SC can only rely on its network community to flag these malicious attacks. It is clear that EtherHiding presents a major security threat that diminishes the integrity of blockchain networks. Guardo Labs advised:
WordPress sites are so vulnerable and frequently compromised, as they serve as primary gateways for these threats to reach a vast pool of victims. Adaptive defenses are needed to counter these emerging threats.
Guardo Labs
Considering that 43% of all websites are run using WordPress, Guardio suggests website owners be extra vigilant with their security strategies. Following the growth and development of blockchain and Web3, malicious campaigns are on the rise and should not be left unchecked.
