Cybersecurity researchers discovered that threat actors are hiding malicious payloads in Binance smart contracts, tricking victims into updating their browsers via fake prompts.
According to cybersecurity researchers, cybercriminals are using BNB Smart Chain (BSC) smart contracts to spread malware, relying on a new method in which malicious prompts trick victims into downloading it.
Researchers at Guardio Labs released a detailed analysis on October 15, shedding light on a technique known as “EtherHiding.” This method focuses on infiltrating WordPress websites by injecting code that retrieves fragmented data from blockchain contracts.
The hackers employ BSC smart contracts to conceal these payloads, essentially turning the contracts into covert, untraceable hosting platforms for the malicious data.
The attackers can alter the malicious code stored in the BSC smart contracts to update their attack methods as they see fit. In the latest attacks, victims have been prompted to update their browsers through fake landing pages and links.
The payload is a JavaScript file that retrieves more malicious code from the attacker’s domains, leading to a full website takeover. The attacker then displays fake browser update notifications that can infect a victim’s computer with malware. By adopting this method, threat actors gain the ability to alter the attack sequence effortlessly, replacing malicious code with each subsequent blockchain transaction, making their activities more evasive.
However, mitigation proves to be a complex endeavor, as Nati Tal, head of cybersecurity at Guardio Labs, and his colleague Oleg Zaytsev, a security researcher, stated. Once the infected smart contracts are created, they operate independently of any central authority. Binance can only rely on its developer community to identify and report malicious code in the contracts.
Guardio emphasized the importance of heightened vigilance for website proprietors employing WordPress, a platform that powers approximately 43% of all websites. He added:
“WordPress sites are so vulnerable and frequently compromised, as they serve as primary gateways for these threats to reach a vast pool of victims.”
The firm stated that the emergence of Web3 and blockchain has created new opportunities for malicious campaigns, due to the lack of oversight and regulation in these areas.
“Adaptive defenses are needed to counter these emerging threats,” it said.
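For site owners, one way to check rendered pages for the injection pattern described above is to flag inline scripts that both read data from a blockchain contract and execute dynamically built code. The sketch below is an added example, not code from Guardio's analysis; the indicator patterns, names and sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
# Heuristic indicators chosen for this example (assumptions, not IoCs from the report).
CHAIN_HINTS = {
    "json-rpc contract read": re.compile(r"eth_call"),
    "web3 client library": re.compile(r"JsonRpcProvider|\bWeb3\s*\("),
    "20-byte contract address": re.compile(r"0x[0-9a-fA-F]{40}\b"),
}
EXEC_HINTS = {
    "eval": re.compile(r"\beval\s*\("),
    "Function constructor": re.compile(r"\bnew\s+Function\s*\("),
    "base64 decode": re.compile(r"\batob\s*\("),
}

class ScriptCollector(HTMLParser):  # collects the body of every inline <script>
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False
    def handle_data(self, data):
        if self._open:
            self.scripts[-1] += data

def scan_page(html):
    """Flag inline scripts that both read chain data and execute dynamic code."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for index, body in enumerate(collector.scripts):
        chain = [name for name, rx in CHAIN_HINTS.items() if rx.search(body)]
        execs = [name for name, rx in EXEC_HINTS.items() if rx.search(body)]
        if chain and execs:  # either signal alone is common in legitimate code
            findings.append({"script": index, "chain": chain, "exec": execs})
    return findings

# Constructed, inert samples (all-zero address, fetch/decode logic elided).
INJECTED = ('<html><head><script>var req={method:"eth_call",params:[{to:'
            '"0x0000000000000000000000000000000000000000"}]};'
            '/* fetch and decode elided */ eval(decoded);</script></head></html>')
WALLET = '<script>provider.send("eth_call", [tx, "latest"]);</script>'
LEGACY = '<script>var cfg = eval("(" + jsonText + ")");</script>'
if __name__ == "__main__":
    print([scan_page(page) for page in (INJECTED, WALLET, LEGACY)])
```

Requiring both signals keeps ordinary wallet widgets and legacy `eval` usage from being flagged; a hit is a reason to review the template or plugin that emitted the script, not proof of compromise.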