Cybercriminals Hide Malware in BSC Smart Contracts
Cybercriminals have found a new way to distribute malware by exploiting BNB Smart Chain (BSC) smart contracts. This technique, called ‘EtherHiding,’ involves injecting code into compromised WordPress websites to retrieve partial payloads from blockchain contracts. The attackers then hide the payloads in Binance smart contracts, using them as anonymous hosting platforms. Recently, the attacks have taken the form of fake browser updates, where victims are tricked into updating their browsers through a fake landing page. The payload contains JavaScript that fetches additional code from the attacker’s domains, leading to full site defacement and malware distribution.
Modifying Attack Methods at Will
The hackers can easily update the code and change their attack methods as they please. They can swap out malicious code with each new blockchain transaction, making it difficult to mitigate the threat. Guardio Labs for cybersecurity has emphasized the need for adaptive defenses to counter these emerging threats. Once infected smart contracts are deployed, Binance can only rely on its developer community to identify and flag malicious code.
Subscribe to our Social Media for Exclusive Crypto News and Insights 24/7!
Vulnerability of WordPress Websites
Guardio has highlighted the vulnerability of WordPress sites, which account for approximately 43% of all websites. These sites serve as primary gateways for cyber threats to reach a large number of victims. Therefore, website owners using WordPress need to be extra cautious with their security practices.
Blockchain’s Role in Malicious Campaigns
The firm warns that Web3 and blockchain provide new possibilities for unchecked malicious campaigns. It stresses the importance of adaptive defenses in countering these emerging threats.
Hot Take: Cybercriminals Exploit BSC Smart Contracts to Spread Malware
Cybercriminals have discovered a new method of distributing malware by manipulating Binance Smart Chain (BSC) smart contracts. They inject code into compromised WordPress websites, hiding malicious payloads in Binance smart contracts. The attackers can easily modify their attack methods, making it challenging to mitigate the threat. Website owners using WordPress should be extra cautious due to the vulnerability of these sites. Guardio Labs emphasizes the need for adaptive defenses to counter these emerging threats posed by Web3 and blockchain technology.
