Security experts have discovered that, despite the term “EtherHiding,” the new attack vector that conceals harmful code in blockchain smart contracts has very little to do with Ethereum.
According to a report by Cointelegraph on October 16, EtherHiding is a new technique that criminals can use to cloak hazardous payloads inside smart contracts with the intention of spreading malware to unwitting victims.
It is known that these fraudsters favor using Binance’s BNB Smart Chain.
In an interview with Cointelegraph, Joe Green, a security researcher for blockchain security company CertiK, claimed that BNB Smart Chain’s lower expenses are mostly to blame for this:
“The handling fee of BSC is significantly lower than that of ETH, but the network speed and stability are the same because each JavaScript payload update is extremely inexpensive, indicating that there is no financial strain.”
Attackers launch EtherHiding attacks from compromised WordPress websites by injecting code that retrieves partial payloads concealed in Binance smart contracts. A phony browser-update prompt is displayed in place of the website’s front end, and when it is clicked, it fetches the JavaScript payload from the Binance blockchain.
In order to avoid detection, the actors often modify website domains and malware payloads. According to Green, this enables them to regularly provide victims with new malware downloads posing as browser upgrades.
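For site owners, one way to look for this kind of injection is to check served pages for script that talks to a blockchain and then executes what it gets back. The sketch below is an added example, not code from the report or from CertiK; the indicator patterns, the verdict rules and the sample pages are assumptions constructed for illustration.

```python
import re

# Heuristic indicators. These patterns are assumptions chosen for this example;
# the article does not publish indicators.
CHAIN = {
    "evm_rpc_method": re.compile(r"\beth_call\b"),
    "web3_library": re.compile(r"(?:web3|ethers)[\w.-]*\.js", re.I),
    "contract_address": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}
DYNAMIC_EXEC = re.compile(r"\beval\s*\(|\bnew\s+Function\s*\(")
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.S | re.I)


def scan_page(html):
    """Return the sorted indicator names found inside <script> elements only."""
    hits = set()
    for m in SCRIPT_RE.finditer(html):
        script = m.group(0)
        hits.update(name for name, rx in CHAIN.items() if rx.search(script))
        if DYNAMIC_EXEC.search(script):
            hits.add("dynamic_exec")
    return sorted(hits)


def verdict(hits):
    """suspicious: chain access plus dynamic execution; review: chain access only."""
    chain = [h for h in hits if h in CHAIN]
    if chain and "dynamic_exec" in hits:
        return "suspicious"
    return "review" if chain else "clean"


# Constructed sample pages (not captured from a real site).
CLEAN = ('<p>eth_call and eval( discussed in prose</p>'
         '<script src="/wp-includes/js/jquery/jquery.min.js"></script>')
WALLET = '<script src="https://cdn.example/ethers.umd.min.js"></script>'
INJECTED = ('<script>var c="0x' + "0" * 40 + '";'  # placeholder address
            'rpc("eth_call",c).then(function(r){eval(r);});</script>')

if __name__ == "__main__":
    for name, page in (("clean", CLEAN), ("wallet", WALLET), ("injected", INJECTED)):
        hits = scan_page(page)
        print(name, verdict(hits), hits)
```

A "review" verdict only means the page references a blockchain library; on a site with no Web3 feature that alone is worth checking against the theme and plugin files as deployed.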
Increased security-related attention on Ethereum, according to security researchers at Web3 analytics company 0xScope, may be another factor.
Although it is unclear why the EtherHiding hackers chose the BNB Smart Chain over other blockchains for their scheme, this increased security-related scrutiny of Ethereum is one possibility.
Due to technologies like Infura’s IP address tracking for MetaMask transactions, hackers may run a greater risk of being discovered when injecting their malicious code using Ethereum.