Cybercriminals Exploit Binance Smart Chain over Ethereum via New Attack: EtherHiding
Summary:
A recently identified cyberattack method called "EtherHiding," used to conceal harmful code in blockchain smart contracts, primarily targets the Binance Smart Chain (BSC) rather than Ethereum, as the name suggests. The technique involves compromising WordPress websites, inserting malicious payloads into smart contracts, and tricking users into downloading malware disguised as browser updates. The hackers' preference for BSC over Ethereum is due to lower transaction costs and increased security scrutiny on Ethereum. The sophistication of their tactics makes EtherHiding challenging to detect and block.
Cybersecurity experts have disclosed that a newly identified attack vector, known as "EtherHiding," which embeds harmful code in blockchain smart contracts, is not heavily linked to Ethereum, contrary to what its name may suggest. This information, shared by Cointelegraph on October 16, points to EtherHiding as a novel method employed by malfeasants to unsuspiciously lodge damaging payloads within smart contracts, aiming to spread malware to oblivious victims. Intriguingly, these cybercriminals seemingly gravitate more towards utilizing the BNB Smart Chain associated with Binance, according to obtained insights.
Providing insights to Cointelegraph, blockchain security firm CertiK's security analyst Joe Green stated the preference for BNB Smart Chain can be largely attributed to its cheaper transaction costs, equal network stability and speed compared to Ethereum. He explained, “Because the BSC transaction fee is considerably lower than that of Ethereum, and they offer similar network high-speed performance and stability, JavaScript Payload updates are thus inexpensive, eliminating fiscal stresses.”
In terms of EtherHiding’s operation, cybercriminals kickstart their tried-and-tested procedure by violating WordPress websites and infusing code capable of retrieving partial payloads located in Binance smart contracts. The hacked website’s user interface changes, presenting a bogus update browser prompt which, when acted upon, sources a JavaScript payload from the Binance blockchain. Frequently modifying malware payloads and altering website domains to avert detection, the criminals continuously provide new malware downloads camouflaged as browser updates, explains Green. Screenshot of malware updates being deployed in BSC smart contract. Source: Certik.
Increased security-related scrutiny on Ethereum conjectured by security researchers at Web3 analytics firm 0xScope, is another plausible reason for the criminals' preference for the BNB Smart Chain. According to them, would-be hackers risk higher chances of exposure employing Ethereum for their nefarious activities owing to security infrastructure like Infura’s IP address tracking for MetaMask transactions.
Zeroing in on the hackers' financial transactions, 0xScope investigators uncovered a money trail between addresses on both the BNB Smart Chain and Ethereum platforms. High-ranking addresses connected to NFT marketplace OpenSea users and Copper custody services. Revenue trails were daily refreshed across eighteen domains pinpointed to the hackers. Such a high level of sophistication makes EtherHiding challenging to detect and impede, the firm asserted.
Published At
10/20/2023 6:12:58 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.