EtherHiding: A New Attack Vector
Cybersecurity experts have revealed that the new attack vector known as EtherHiding, which hides malicious code in blockchain smart contracts, has little to do with Ethereum.
As reported by Cointelegraph on Oct. 16, EtherHiding is a new way for hackers to embed malicious payloads into smart contracts in order to spread malware to unsuspecting victims.
It appears that these cybercriminals favor Binance’s BNB Smart Chain due to its lower costs, according to Joe Green, a security researcher from blockchain security firm CertiK.
EtherHiding is just one of many AI-driven techniques being used to detect fake websites, Brave browser Web 3.0 domains, and other malicious on-chain crypto activities. AI is also being used to generate fake content and detect fake content.
EtherHiding Attacks Utilize Binance Smart Contracts
Hackers have been utilizing EtherHiding attacks to compromise WordPress websites and inject code that pulls partial payloads buried in Binance smart contracts. This causes the website’s front end to be replaced with a fake browser update prompt, which, when clicked, downloads the JavaScript payload from the Binance blockchain.
The actors frequently change the malware payloads and update website domains in order to evade detection, allowing them to continuously serve users fresh malware downloads disguised as browser updates, as explained by Green.
Security researchers at Web3 analytics firm 0xScope have suggested that the preference for BNB Smart Chain could be due to increased security-related scrutiny on Ethereum: hackers may face a higher risk of discovery when injecting their malicious code through Ethereum because of systems such as Infura’s IP address tracking for MetaMask transactions.
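The injection described in this section leaves a recognisable trace in the served page: script that reads a smart contract and then executes what comes back. The following is an added example, not code from the article or the researchers it quotes, that grades a page's inline scripts on that pattern. The two regex heuristics, the sample pages and the helper names rpc and decode are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Heuristics chosen for this example (assumptions, not indicators from the article).
CONTRACT_READ = re.compile(r"\beth_call\b|\bethers\.Contract\b|\.eth\.Contract\b")
DYNAMIC_EXEC = re.compile(r"\beval\s*\(|\bnew\s+Function\s*\(")


class InlineScripts(HTMLParser):
    """Collect the body of every inline <script> element."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False

    def handle_data(self, data):
        if self._open:  # script text can arrive in several chunks
            self.scripts[-1] += data


def scan_page(html):
    """Grade inline scripts: 'high' = contract read plus dynamic execution."""
    parser = InlineScripts()
    parser.feed(html)
    parser.close()
    findings = []
    for body in parser.scripts:
        reads, execs = CONTRACT_READ.search(body), DYNAMIC_EXEC.search(body)
        if reads:  # a content site rarely needs to read a contract at all
            findings.append({"severity": "high" if execs else "review",
                             "markers": [m.group(0) for m in (reads, execs) if m]})
    return findings

# Constructed samples; rpc() and decode() are hypothetical helper names.
INJECTED = ('<html><head><script>rpc("eth_call", PLACEHOLDER)'
            '.then(function (r) { eval(decode(r)); });</script></head></html>')
DAPP = '<script>const c = new ethers.Contract(ADDR, ABI, provider);</script>'
BLOG = '<script>document.querySelector("#subscribe").focus();</script>'

if __name__ == "__main__":
    print([scan_page(p) for p in (INJECTED, DAPP, BLOG)])
```

A "review" result is expected on a legitimate dApp page; on a WordPress content site any contract read in an inline script is worth tracing back to the file or database row that emitted it.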
Detecting Fake Content on Web 3.0 Domains
0xScope recently tracked the money flow between hacker addresses on BNB Smart Chain and Ethereum, discovering key addresses linked to NFT marketplace OpenSea users and Copper custody services. The firm found that payloads were updated daily across 18 identified hacker domains, making it difficult to detect and stop EtherHiding.
The sophistication of these Web 3.0 domains and the use of AI to detect fake content make it hard to identify and prevent malicious activities. Brave Browser and OpenSea are leveraging AI to generate fake content, and Copper custody services are using AI to detect fake content.
The 0xScope team concluded that it is essential to remain vigilant when it comes to the growth of crypto, as malicious activities on Web 3.0 can be detrimental to the industry.