Cybersecurity researchers have unearthed a devious method deployed by threat actors to hide malicious payloads within Binance smart contracts, enticing victims to engage with counterfeit browser update prompts.
This newly identified threat, known as “EtherHiding,” has exposed an innovative technique where cybercriminals manipulate BNB Smart Chain (BSC) smart contracts to conceal malware and disseminate malicious code.
Guardio Labs, a prominent cybersecurity research group, shared an in-depth analysis of this EtherHiding technique in a report published on October 15. The modus operandi involves compromising WordPress websites by injecting code that extracts partial payloads from blockchain contracts.
These ill-intentioned actors clandestinely store the payloads within BSC smart contracts, effectively transforming them into anonymous free hosting platforms for their malevolent content.
The attackers retain the flexibility to modify the code and change their attack strategies at will. Recent instances of this malicious activity have taken the form of counterfeit browser updates, where victims receive prompts urging them to update their browsers through fraudulent landing pages and links.
The payload comprises JavaScript code that fetches additional instructions from domains under the attacker’s control, culminating in the defacement of websites with counterfeit browser update notices that deliver malware.
Notably, this approach lets the threat actors alter their attack chain by replacing the malicious code with each new blockchain transaction. That makes it a formidable challenge to combat, as emphasized by Nati Tal, Head of Cybersecurity at Guardio Labs, and fellow security researcher Oleg Zaytsev.
Once infected smart contracts are deployed, they operate independently, with Binance primarily relying on its developer community to flag and identify malicious code within contracts.
Guardio underscored that website owners using WordPress, which powers approximately 43% of all websites, must be exceptionally vigilant in their security practices, emphasizing the critical role these sites play in serving as the entry point for various threats.
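As an added illustration (not code from Guardio's report or from this article), a WordPress site owner could run a heuristic check like the following over served pages or theme files: it flags pages whose scripts both read from a blockchain and execute decoded content, the combination the injected code described above depends on. The indicator patterns (eth_call, web3/ethers library names, eval, atob) and the three sample pages are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators: assumptions of this example, not values from the Guardio report.
CHAIN_HINTS = {
    "json_rpc_read": re.compile(r"eth_call|eth_getStorageAt"),
    "web3_library": re.compile(r"\b(web3|ethers)(\.min)?\.js\b|new\s+Web3\s*\(", re.I),
}
EXEC_HINTS = {
    "dynamic_eval": re.compile(r"\beval\s*\(|new\s+Function\s*\("),
    "base64_decode": re.compile(r"\batob\s*\("),
}

class ScriptCollector(HTMLParser):
    """Collect the src URL and inline body of every <script> element."""
    def __init__(self):
        super().__init__()
        self.in_script, self.chunks = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.chunks.append(dict(attrs).get("src") or "")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:  # text outside <script> is ignored
            self.chunks.append(data)

def scan_page(html):
    """Flag a page whose scripts both read from a blockchain and run decoded code."""
    collector = ScriptCollector()
    collector.feed(html)
    text = "\n".join(collector.chunks)
    chain = sorted(k for k, rx in CHAIN_HINTS.items() if rx.search(text))
    execs = sorted(k for k, rx in EXEC_HINTS.items() if rx.search(text))
    return {"chain": chain, "exec": execs, "suspicious": bool(chain and execs)}

# Constructed sample pages (inert strings, never executed).
CLEAN = '<html><script src="/wp-includes/js/jquery/jquery.min.js"></script><p>eval(</p></html>'
DAPP = '<script src="https://cdn.example/ethers.min.js"></script><script>init()</script>'
INJECTED = ('<script src="https://cdn.example/web3.min.js"></script><script>'
            'rpc({method:"eth_call"}).then(r => eval(atob(r.result)))</script>')

if __name__ == "__main__":
    for name, page in [("clean", CLEAN), ("dapp", DAPP), ("injected", INJECTED)]:
        print(name, scan_page(page))
```

A hit is a lead for manual review rather than proof of compromise, since legitimate Web3 pages load the same libraries; the check only escalates when chain reads and dynamic execution appear together.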
The firm concluded by highlighting that the adoption of Web3 and blockchain technology has ushered in new avenues for unbridled malicious campaigns, necessitating the development of adaptive defenses to counter these evolving threats.