Cybersecurity researchers have uncovered a new tactic employed by threat actors to disseminate malware by exploiting Binance Smart Chain (BSC) smart contracts. This method, known as “EtherHiding,” involves manipulating WordPress websites by injecting code that extracts partial payloads from blockchain contracts. The payloads themselves are concealed within BSC smart contracts, which the attackers effectively use as anonymous hosting platforms.
This approach allows the threat actors to constantly modify their attack chain, making it a challenging threat to mitigate. Nati Tal, Head of Cybersecurity at Guardio Labs, and fellow security researcher Oleg Zaytsev emphasized the difficulty in countering this emerging threat. Once infected smart contracts are deployed, they operate independently, leaving Binance to rely on its developer community to identify and flag malicious code in contracts when detected.
Guardio Labs advised website owners, particularly those using WordPress, which powers approximately 43% of all websites, to exercise extra vigilance in their security practices. WordPress websites are often compromised, serving as primary gateways for these threats to reach a wide pool of victims.
The firm concluded that the advent of Web3 and blockchain technologies has opened up new possibilities for malicious campaigns to operate unhindered. It stressed the need for adaptive defenses to counter these evolving threats.