"'EtherHiding' Blockchain Technique Hides Malicious Code in WordPress Sites"

A threat actor has been using blockchain technology to hide malicious code in a campaign involving fake browser updates that distribute malware, including RedLine, Amadey, and Lumma. Although the abuse of blockchain technology is typically seen in attacks targeting cryptocurrency, the EtherHiding technique shows how attackers can use it for other types of malicious activity. Over the past two months, Guardio researchers have been observing the campaign, dubbed ClearFake, in which users are tricked into downloading malicious fake browser updates from at least 30 compromised WordPress sites. According to a recent post by Guardio, the campaign uses the EtherHiding method, which presents a novel twist on serving malicious code: it uses Binance's Smart Chain (BSC) contracts to host parts of a malicious code chain, in what is the next level of bulletproof hosting. This article continues to discuss findings regarding the EtherHiding technique.

Dark Reading reports "'EtherHiding' Blockchain Technique Hides Malicious Code in WordPress Sites"

Submitted by grigby1
 

Submitted by Gregory Rigby on