Hackers use BNB Chain blockchain for attacks


Cybercriminals are using smart contracts in the BNB Chain network to hide and spread malware, according to Guardio Labs.

Guardio Labs exposes "EtherHiding" — a new threat hiding in Binance’s Smart Chain, a technique that evades detection, targeting compromised WordPress sites. Read about this game-changing method! @BNBCHAIN #BNBChain #CyberSecurity https://t.co/alNI5KqKUO

— Guardio (@GuardioSecurity) October 15, 2023

In a report, the researchers described a hacking technique called EtherHiding. The attack involves compromising WordPress sites by injecting JavaScript code, which then retrieves the payload from contracts on the blockchain.

This is a modification of the method used in the previously detected ClearFake campaign. The attackers had deployed the second-stage code on Cloudflare Workers, but the American company began blocking the accounts, potentially hindering the breach attempts.

The hackers used Web3 infrastructure from BNB Chain, a network supported by Binance. This provided them with nearly free, "truly bulletproof hosting, backed by blockchain," the researchers stressed.

Attackers can easily and cheaply modify the code and, accordingly, the attack vector at will.

In one of the methods identified by researchers, victims are asked to update their browser to access the requested content. On following the link, the user downloads malware from a hacker-controlled domain, infecting the computer.

Examples of the hackers' update prompts for popular browsers. Data: Guardio Labs.

The attackers have the ability to modify the attack chain by changing a single blockchain transaction, costing roughly between $0.2 and $0.6.

Example of a contract on BNB Chain that the hackers constantly modify. Data: Guardio Labs.

Experts noted that once deployed on the network, contracts run autonomously, and all that BNB Chain developers can do is mark them as malicious. Yet it is clear that there is currently no way to stop hackers from distributing their software this way, the experts stressed.

Example of marking malicious contracts. Data: Guardio Labs.

Experts noted that WordPress sites serve as the main gateway for such attacks. They recommended owners take all possible precautions, keeping plugins up to date, changing passwords, and simply "watching what happens on the site."
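One way a site owner could "watch what happens on the site" is to scan rendered pages for scripts that combine blockchain access with dynamic code execution, the pattern described above. This is an added example, not code from the article or from Guardio Labs; the indicator lists, function names and sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators: assumptions for this example, not a vetted IoC list.
CHAIN_HINTS = {
    "json-rpc call": re.compile(r"\beth_call\b"),
    "web3 library": re.compile(r"\b(?:web3|ethers)(?:\.min)?\.js\b|\bnew\s+Web3\b", re.I),
    "contract address": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}
EXEC_HINTS = {
    "eval": re.compile(r"\beval\s*\("),
    "Function constructor": re.compile(r"\bnew\s+Function\s*\("),
    "base64 decode": re.compile(r"\batob\s*\("),
}

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""
    def __init__(self):
        super().__init__()
        self.parts, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.parts.append(dict(attrs).get("src") or "")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.parts.append(data)

def scan_page(html):
    """Return (suspicious, chain_hits, exec_hits) for one HTML document."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    text = "\n".join(parser.parts)
    chain = sorted(name for name, rx in CHAIN_HINTS.items() if rx.search(text))
    execs = sorted(name for name, rx in EXEC_HINTS.items() if rx.search(text))
    # Flag only when chain access and dynamic execution co-occur in the page's scripts.
    return bool(chain and execs), chain, execs

# Constructed, non-functional sample pages (placeholder address, undefined rpc helper).
CLEAN_PAGE = '<html><script src="/js/jquery.min.js"></script><script>var x = eval("1+1");</script></html>'
INJECTED_PAGE = ('<html><script src="https://cdn.example/web3.min.js"></script><script>var c="0x'
                 + "0" * 40 + '";rpc("eth_call",c).then(function(r){eval(atob(r));});</script></html>')
```

Requiring both indicator groups keeps legitimate dApp front ends and ordinary `eval` use from being flagged on their own; a hit is a prompt for manual review of the page's scripts, not a verdict.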

Researchers noted that the use of blockchain poses new challenges for preventing malware distribution, as it rules out traditional provider-based blocking.


"While Web 3.0 promises innovation, attackers continually adapt, using its advantages for nefarious purposes. As for Binance, we cannot blame them, since the data is free for everyone, and anyone can verify and detect the danger," the experts concluded.


In September, hackers attacked Russian Binance clients via phishing app campaigns to bypass P2P trading restrictions.
