Cybercriminals are spreading malware through hacked WordPress-based websites, using smart contracts on the BNB Chain (BSC) network to hide the malicious code. The new scheme has been dubbed EtherHiding.
Analysts at cybersecurity company Guardio Labs discovered the new malware distribution method and named it EtherHiding. What sets it apart is that the attackers use BNB Chain (BSC) smart contracts to hide malicious code.
The EtherHiding method is most often used against sites running on WordPress. Analysts believe the attack was designed and implemented specifically for this type of site. Attackers use the compromised websites to deliver information-stealing malware such as RedLine, Amadey, or Lumma.
The method involves embedding hidden JavaScript code into the code of compromised sites. This code allows the attackers to modify any information on the website and to display, for example, plausible-looking landing pages with phishing links that offer to update the visitor's browser.
Parts of the malicious code refer to data stored in smart contracts on the BSC network. This lets the attackers quickly modify individual code fragments with each new session, making them harder to detect. In essence, the attackers use the blockchain network as an anonymous cloud storage platform. Because of the network's decentralization mechanisms, it becomes almost impossible to trace the source of the code once it has been modified.
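Because the code fetched from the contract can change with each session, the stable signal for a defender is the loader left in the compromised page. The following is an added example, not code from Guardio Labs or the original article: it flags inline scripts that both read contract data and execute dynamic code. The indicator patterns, function names and sample pages are assumptions constructed for illustration.

```javascript
// Added example: heuristic scan for inline scripts that read contract data and run it.
// The indicator patterns are illustrative assumptions, not published IoCs.
const CHAIN_READ = [
  { name: "json-rpc eth_call", re: /\beth_call\b/ },
  { name: "contract address literal", re: /\b0x[0-9a-fA-F]{40}\b/ },
  { name: "BSC RPC hostname", re: /bsc-dataseed[0-9a-z-]*\.[a-z.]+/i },
];
const DYNAMIC_EXEC = [
  { name: "eval()", re: /\beval\s*\(/ },
  { name: "new Function()", re: /\bnew\s+Function\s*\(/ },
  { name: "script element built at runtime", re: /createElement\s*\(\s*['"]script['"]\s*\)/ },
];

// Return the bodies of inline <script> blocks; external scripts must be fetched separately.
function inlineScripts(html) {
  const out = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (m[1].trim()) out.push(m[1]);
  }
  return out;
}

function matches(list, text) {
  return list.filter((i) => i.re.test(text)).map((i) => i.name);
}

// A script is flagged only when a chain-read indicator and a dynamic-execution indicator co-occur.
function scanPage(html) {
  return inlineScripts(html).map((body, index) => {
    const reads = matches(CHAIN_READ, body);
    const execs = matches(DYNAMIC_EXEC, body);
    return { index, reads, execs, suspicious: reads.length > 0 && execs.length > 0 };
  });
}

// Constructed samples: non-functional fragments, not captured malware.
const ADDR = "0x" + "ab".repeat(20);
const SAMPLE_INJECTED = `<html><script>var x=1;</script><script>
call({method:"eth_call",params:[{to:"${ADDR}"}]}).then(function(r){eval(dec(r))});
</script></html>`;
const SAMPLE_BENIGN = `<html><script>
document.getElementById("donate").textContent = "${ADDR}";
</script></html>`;

console.log(JSON.stringify(scanPage(SAMPLE_INJECTED), null, 2));
```

Requiring both indicator classes keeps a page that merely displays a wallet address from being flagged; a hit is a lead for manual review of the theme or plugin file that emitted the script, not a verdict.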
Solidus Labs analysts previously found that about one in eight smart contracts on the BNB Chain is fraudulent.