Threat actors have developed a technique known as ‘EtherHiding’ to distribute malicious scripts through Binance’s Smart Chain contracts. This method allows them to exploit the decentralized and anonymous nature of the blockchain, making it challenging to track and disrupt their activities.
This attack chain has been linked to the deployment of malware loaders such as IDAT Loader and HijackLoader, which serve as launchpads for various stealers and trojans. There are also tactical overlaps between the EtherHiding technique and another malware family called SocGholish, suggesting the possibility of one threat group being responsible for both.
The decentralized nature of the blockchain makes these attacks unblockable, and the attackers can easily change the command-and-control server address to evade blocks. Once a smart contract is deployed on the Binance Smart Chain, it operates autonomously and cannot be shut down.
To mitigate the problem, it is recommended to keep WordPress infrastructure and plugins updated, safeguard credentials, and monitor website activity. The impact of these attacks is significant, as they exploit the decentralized and anonymous nature of the blockchain to distribute malware. Looking ahead, increased security measures and vigilance will be needed to protect against similar attacks.