DeadLock Malware Exploits Polygon Smart Contracts to Hide
Summary
Researchers at Group-IB have identified a new ransomware strain called DeadLock that stores the addresses of its proxy servers in Polygon smart contracts and rotates them by updating the contract, rather than hard-coding them in the binary. DeadLock currently has low exposure and few reported victims, but keeping communication infrastructure on-chain makes the operation unusually resilient: the contract state cannot be seized or taken down the way a conventional C2 server can. The remaining chokepoints are the RPC endpoints the malware must query to read the contract and the proxy hosts it resolves, both of which can still be monitored or blocked. Once encryption completes, the malware demands a ransom and threatens to sell the stolen data. Using smart contracts as C2 infrastructure resembles the "EtherHiding" technique previously reported by Google and used by North Korean threat actors, and points to a growing trend of exploiting blockchain immutability for malicious persistence.
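The on-chain lookup described above, as an added example that is not code from the page, from Group-IB, or from the DeadLock sample: a client builds an `eth_call` JSON-RPC request against a contract's view function and ABI-decodes the `string` it returns into a proxy address. The contract address, the function selector and the `getProxy()` interface are assumptions; the page names none of DeadLock's real contracts or selectors. The RPC responses are constructed inline so the block runs offline, with a second response standing in for the state after the operator has rotated the address.

```python
import json

# Assumed values for illustration only: a placeholder contract address and a
# placeholder 4-byte selector for a view function like `getProxy() returns (string)`.
CONTRACT = "0x" + "ab" * 20
SELECTOR = "0x3a3f3a3f"


def build_eth_call(contract: str, selector: str, rpc_id: int = 1) -> dict:
    """Build the JSON-RPC body a client would POST to a Polygon RPC node.
    eth_call executes a read-only contract function without sending a transaction."""
    return {
        "jsonrpc": "2.0",
        "id": rpc_id,
        "method": "eth_call",
        "params": [{"to": contract, "data": selector}, "latest"],
    }


def abi_decode_string(hex_result: str) -> str:
    """Decode the ABI encoding of a single `string` return value:
    word 0 is the offset to the data (0x20 for one dynamic value),
    the word at that offset is the byte length, followed by the bytes
    right-padded to a 32-byte boundary."""
    raw = bytes.fromhex(hex_result[2:] if hex_result.startswith("0x") else hex_result)
    if len(raw) < 64:
        raise ValueError("result too short for an ABI-encoded string")
    offset = int.from_bytes(raw[0:32], "big")
    if offset + 32 > len(raw):
        raise ValueError("offset points past the payload")
    length = int.from_bytes(raw[offset:offset + 32], "big")
    start = offset + 32
    if start + length > len(raw):
        raise ValueError("declared length exceeds the payload")
    return raw[start:start + length].decode("utf-8")


def abi_encode_string(s: str) -> str:
    """Encode a string the way a Solidity view function returns it.
    Used here only to construct sample RPC responses offline."""
    data = s.encode("utf-8")
    padded = data + b"\x00" * ((32 - len(data) % 32) % 32)
    out = (32).to_bytes(32, "big") + len(data).to_bytes(32, "big") + padded
    return "0x" + out.hex()


def resolve_proxy(rpc_response: dict) -> str:
    """Turn a JSON-RPC response into the proxy address a client would dial."""
    if "error" in rpc_response:
        raise RuntimeError(f"RPC error: {rpc_response['error']}")
    return abi_decode_string(rpc_response["result"])


# Constructed sample responses (not captured traffic): the same contract read
# before and after the operator rotates the stored address with a transaction.
# The binary never changes; only the value the contract returns does.
SAMPLE_BEFORE = {"jsonrpc": "2.0", "id": 1, "result": abi_encode_string("proxy-a.example:443")}
SAMPLE_AFTER = {"jsonrpc": "2.0", "id": 2, "result": abi_encode_string("proxy-b.example:8443")}

if __name__ == "__main__":
    print(json.dumps(build_eth_call(CONTRACT, SELECTOR)))
    print("before rotation:", resolve_proxy(SAMPLE_BEFORE))
    print("after rotation: ", resolve_proxy(SAMPLE_AFTER))
```

The decoder bounds-checks the offset and length words before slicing, since a contract controlled by the attacker can return arbitrary bytes. From the defender's side, the request body built by `build_eth_call` is also what to look for: a non-wallet process POSTing `eth_call` to a public RPC gateway, with a fixed `to` address in the params, is the observable that the on-chain design cannot hide.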
(Source: Cointelegraph)