Despite the name “EtherHiding,” the new attack vector that hides malicious code in blockchain smart contracts doesn’t have much to do with Ethereum at all, cybersecurity analysts have revealed.
EtherHiding has been discovered as a new way for bad actors to hide malicious payloads inside smart contracts, with the ultimate goal of distributing malware to unsuspecting victims.
These cybercriminals tend to prefer using Binance’s BNB Smart Chain, it is understood.
Speaking to Cointelegraph, a security researcher from blockchain security firm CertiK, Joe Green, said most of this is due to BNB Smart Chain’s lower costs:
“The handling fee of BSC is much cheaper than that of ETH, but the network stability and speed are the same because each update of JavaScript Payload is very cheap, meaning there’s no financial pressure.”
EtherHiding attacks are initiated by hackers compromising WordPress websites and injecting code that pulls partial payloads buried in Binance smart contracts. The website’s front end is replaced by a fake update browser prompt, which, when clicked, pulls the JavaScript payload from the Binance blockchain.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit