A report by EtherHiding showed hackers have discovered a new method for spreading malware to unsuspecting users, this time by manipulating BNB Smart Chain (BSC) smart contracts to conceal malware and propagate malicious code.
In a report published on October 15, security researchers at Guardio Labs described the “EtherHiding” technique, which involves compromising WordPress websites by injecting code that retrieves partial payloads from blockchain contracts.
The perpetrators conceal the payloads within BSC smart contracts, which serve as free anonymous hosting platforms for them.
The hackers can alter the code and attack methods at will. The most recent attacks have involved bogus browser updates, in which victims are prompted to update their browsers via a fake landing page and link.
The payload includes JavaScript that retrieves additional code from the domains of the adversary. This results in the eventual defacement of the entire site with bogus browser update notifications that distribute malware.
This strategy enables threat actors to modify the attack chain by exchanging malevolent code with every new blockchain transaction. According to Nati Tal, head of cybersecurity at Guardio Labs, and colleague security researcher Oleg Zaytsev, this makes mitigation difficult.
Once deployed, infected smart contracts operate independently. Binance can only rely on its developer community to identify and report malicious code in smart contracts.
Guardio stated that website owners utilizing WordPress, which powers approximately 43% of all websites, must be extra vigilant about their security practices.
“WordPress sites are so vulnerable and frequently compromised, as they serve as primary gateways for these threats to reach a vast pool of victims.”
The company concluded that Web3 and blockchain present new opportunities for unfettered malicious campaigns. “Adaptive defenses are required to combat these emerging threats,” the report stated.