A new cyber threat is emerging from North Korea as its state-backed hackers experiment with embedding malicious code directly into blockchain networks.

Google’s Threat Intelligence Group (GTIG) reported on October 17 that the technique, called EtherHiding, marks a new evolution in how hackers hide, distribute, and control malware across decentralized systems.

Sponsored

Sponsored

What is EtherHiding?

GTIG explained that EtherHiding allows attackers to weaponize smart contracts and public blockchains like Ethereum and BNB Smart Chain by using them to store malicious payloads.

Once a piece of code is uploaded to these decentralized ledgers, removing or blocking it becomes nearly impossible due to their immutable nature.

“Although smart contracts offer innovative ways to build decentralized applications, their unchangeable nature is leveraged in EtherHiding to host and serve malicious code in a manner that cannot be easily blocked,” GTIG wrote.

In practice, the hackers compromise legitimate WordPress websites, often by exploiting unpatched vulnerabilities or stolen credentials.

After gaining access, they insert a few lines of JavaScript—known as a “loader”—into the website’s code. When a visitor opens the infected page, the loader quietly connects to the blockchain and retrieves malware from a remote server.

Go to Source to See Full Article
Author: Oluwapelumi Adejumo