EtherHiding Attacks: A New Threat Hiding in Binance Smart Contracts
Cybersecurity analysts have discovered a new attack vector called “EtherHiding,” which involves hiding malicious code in blockchain smart contracts. Surprisingly, the attack does not primarily rely on Ethereum; instead, cybercriminals are using Binance’s BNB Smart Chain. One of the main reasons for this preference is the lower cost of BNB Smart Chain compared to Ethereum. Its network stability and speed are similar to Ethereum’s, but the handling fee is much cheaper.
The EtherHiding attacks start with hackers compromising WordPress websites and injecting code that retrieves partial payloads buried in Binance smart contracts. They then replace the website’s front end with a fake browser update prompt. When users click on this prompt, it pulls the JavaScript payload from the Binance blockchain. The attackers frequently change the malware payloads and update website domains to avoid detection, allowing them to continuously serve users fresh malware disguised as browser updates.
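Because the payload is pulled from the blockchain by the visitor's browser, one place a defender can look is web proxy logs: JSON-RPC POSTs to BNB Smart Chain endpoints whose referer is an ordinary website rather than a known web3 application. The script below is an added example, not code from the researchers or from the original article; the log format, the sample lines, the allowlisted site and the RPC hostname pattern are all assumptions, and it presumes a proxy that records destination host and referer.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: hostname pattern for public BNB Smart Chain JSON-RPC endpoints.
# Extend it with the endpoints actually seen in your environment.
BSC_RPC_HOST = re.compile(r"^bsc-dataseed\d*\.binance\.org$")

# Assumption: sites whose front ends legitimately query the chain from the
# browser (wallets, exchanges). Hypothetical name.
WEB3_ALLOWLIST = {"wallet.example.org"}

# Constructed proxy log: time, client IP, method, destination host, referer.
SAMPLE_LOG = """\
2023-10-16T09:12:01Z 10.0.0.21 POST bsc-dataseed1.binance.org https://blog.example.com/2023/10/recipes/
2023-10-16T09:12:04Z 10.0.0.37 POST bsc-dataseed1.binance.org https://blog.example.com/about/
2023-10-16T09:13:40Z 10.0.0.21 GET cdn.example.net https://blog.example.com/about/
2023-10-16T09:15:12Z 10.0.0.52 POST bsc-dataseed.binance.org https://wallet.example.org/swap
2023-10-16T09:16:55Z 10.0.0.37 POST bsc-dataseed2.binance.org -
"""

def suspicious_rpc_referers(log_text, allowlist=WEB3_ALLOWLIST):
    """Map each non-allowlisted referring site to the set of clients whose
    browsers sent POSTs to a BSC RPC endpoint while on that site."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _ts, client, method, host, referer = fields
        if method != "POST" or not BSC_RPC_HOST.match(host.lower()):
            continue
        # A "-" referer has no hostname; keep it visible instead of dropping it.
        site = urlsplit(referer).hostname or "(no referer)"
        if site not in allowlist:
            hits[site].add(client)
    return dict(hits)

if __name__ == "__main__":
    for site, clients in sorted(suspicious_rpc_referers(SAMPLE_LOG).items()):
        print(f"{site}: {len(clients)} client(s) -> {sorted(clients)}")
```

Several distinct clients reaching a chain RPC endpoint from the same ordinary site is a reason to review that site's pages for injected script.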
Why BNB Smart Chain?
According to security researchers at 0xScope, one possible reason for using BNB Smart Chain over other blockchains is the increased security-related scrutiny on Ethereum. Hackers injecting their malicious code using Ethereum face higher risks of discovery due to systems like Infura’s IP address tracking for MetaMask transactions.
Furthermore, key addresses linked to NFT marketplace OpenSea users and Copper custody services have been identified in relation to these attacks. The hackers behind EtherHiding update their payloads daily across 18 different domains, making it difficult to detect and stop their activities.
Hot Take: EtherHiding Reveals a Shift in Cybercriminal Tactics
EtherHiding represents a significant shift in cybercriminal tactics: the attackers use Binance’s BNB Smart Chain instead of Ethereum. This shift is primarily driven by the lower costs associated with BNB Smart Chain, as well as the increased security-related scrutiny on Ethereum. The attackers behind EtherHiding exploit compromised WordPress websites to deliver malware disguised as browser updates, taking advantage of users’ trust. As these attacks continue to evolve and become more sophisticated, it is crucial for individuals and organizations to stay vigilant and take necessary precautions to protect their assets and data.
Source: Cointelegraph