todayonchain.com

North Korean Hackers Weaponize Blockchain in New ‘EtherHiding’ Campaign

BeInCrypto
North Korean hackers are using a new technique called EtherHiding to store and serve malware payloads within public blockchains like Ethereum.

Summary

Google's Threat Intelligence Group (GTIG) reported that North Korean state-backed hackers have developed a new technique called EtherHiding, which weaponizes smart contracts and public blockchains like Ethereum and BNB Smart Chain to store malicious code payloads. This method leverages the immutable nature of blockchains, making the embedded code nearly impossible to remove or block. In practice, attackers compromise legitimate WordPress sites and insert a JavaScript 'loader' that retrieves the malware from the blockchain, often leaving no visible transaction trail. This tactic signals a strategic shift for North Korea from merely stealing crypto to using blockchain itself as a stealthy hosting mechanism, described as next-generation bulletproof hosting. Researchers warn that combining this with AI could make future detection harder, especially as North Korean groups have already stolen over $1.5 billion in crypto this year to fund military programs.

(Source: BeInCrypto)
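For site owners, the loader pattern in the summary suggests a static check of served pages. The following is an added example, not code from GTIG or BeInCrypto. It assumes the loader is an inline script that issues a read-only JSON-RPC call such as `eth_call` and then executes the result dynamically; the indicator patterns, names and sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic indicator patterns: assumptions of this example, not from the report.
CHECKS = {
    "rpc_read": re.compile(r"\beth_call\b|\beth_getStorageAt\b"),
    "contract_address": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "dynamic_exec": re.compile(r"\beval\s*\(|\bnew\s+Function\s*\("),
}

# Constructed, inert sample pages (placeholder address, no working loader logic).
ADDR = "0x" + "0" * 40
INJECTED = f'<html><body><p>Post</p><script>var m="eth_call", to="{ADDR}"; eval(result);</script></body></html>'
BENIGN = f'<html><body><script>var wallet="{ADDR}"; console.log(wallet);</script></body></html>'


class InlineScripts(HTMLParser):
    """Collect the bodies of inline <script> elements."""

    def __init__(self):
        super().__init__()
        self.scripts, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data


def indicators(script):
    """Return the names of the indicator classes found in one script body."""
    return {name for name, rx in CHECKS.items() if rx.search(script)}


def scan_page(html):
    """Flag inline scripts that both read from a chain and execute code dynamically."""
    parser = InlineScripts()
    parser.feed(html)
    parser.close()
    hits = [indicators(s) for s in parser.scripts]
    # A wallet address alone is common on legitimate pages, so require the pair.
    return [h for h in hits if {"rpc_read", "dynamic_exec"} <= h]
```

A hit is a prompt to review the script and the site's integrity, not proof of compromise; obfuscated loaders can evade string matching.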