EtherHiding: Why hackers may prefer Binance’s BNB Smart Chain
Despite the name “EtherHiding,” the new attack vector that hides malicious code in blockchain smart contracts doesn’t have much to do with Ethereum at all, cybersecurity analysts have revealed.
As reported by Cointelegraph on Oct. 16, EtherHiding has been discovered as a new way for bad actors to hide malicious payloads inside smart contracts, with the ultimate goal of distributing malware to unsuspecting victims.
These cybercriminals tend to prefer using Binance’s BNB Smart Chain , it is understood.
Speaking to Cointelegraph, a security researcher from blockchain security firm CertiK, Joe Green, said most of this is due to BNB Smart Chain’s lower costs:
“The handling fee of BSC is much cheaper than that of ETH, but the network stability and speed are the same because each update of JavaScript Payload is very cheap, meaning there’s no financial pressure.”
EtherHiding attacks are initiated by hackers compromising WordPress websites and injecting code that pulls partial payloads buried in Binance smart contracts. The website’s front end is replaced by a fake update browser prompt, which, when clicked, pulls the JavaScript payload from the Binance blockchain.
The actors frequently change the malware payloads and update website domains to evade detection. This allows them to continuously serve users fresh malware downloads disguised as browser updates, Green explained.
Screenshot of malware updates being deployed in BSC smart contract. Source: Certik
Another reason, according to security researchers at Web3 analytics firm 0xScope, could be because of increased security-related scrutiny on Ethereum.
“While we are unlikely to know the EtherHiding hacker’s true motives for using BNB Smart Chain over other blockchains for their scheme, one possible factor is the increased security-related scrutiny on Ethereum.”
Hackers may face higher risks of discovery by injecting their malicious code using Ethereum due to systems such as Infura’s IP address tracking for MetaMask transactions, they said.
Related: Crypto investors under attack by new malware, reveals Cisco Talos
The 0xScope team told Cointelegraph they recently tracked the money flow between hacker addresses on BNB Smart Chain and Ethereum.
Key addresses were linked to NFT marketplace OpenSea users and Copper custody services, it reported .
Payloads were updated daily across 18 identified hacker domains. This sophistication makes EtherHiding hard to detect and stop, the firm concluded.
Magazine: Should crypto projects ever negotiate with hackers? Probably
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
ZA Miner Introduces Free Cloud Mining Platform for Bitcoin and Dogecoin
ZA Miner, a UK-based cloud mining provider, has officially launched a new platform to make cryptocurrency mining more accessible to a broader audience.
OSC Warns of Surge in AI-Driven Crypto Scams as Canadian Fraud Losses Climb to $640 Million
According to the Globe and Mail report, the Ontario Securities Commission (OSC) is raising red flags over a sharp rise in cryptocurrency fraud across Canada, as scammers now weaponize artificial intelligence to swindle unsuspecting investors.
Arkansas City Planning Commission Rejects Crypto Mining Proposal Amid Strong Community Backlash
The Vilonia Planning Commission has unanimously turned down a proposed cryptocurrency mining facility within city limits, following weeks of vocal opposition from residents.
Bitcoin Climbs to $94,000 Driving Market Above $3 Trillion
Trending news
MoreCrypto prices
More
