
"If you're a software developer looking for a job, North Korean scammers have an offer for you that's off the chain, the blockchain that is. These gangs have recently adopted a technique called EtherHiding, hiding malware inside blockchain smart contracts to sneak past detection and ultimately swipe victims' crypto and credentials, according to Google's Threat Intelligence team. A Pyongyang goon squad that GTIG tracks as UNC5342 has been using this method since February in its Contagious Interview campaign, we're told."
"To do this, they use EtherHiding, which involves embedding malicious code into a smart contract on a public blockchain, turning the blockchain into a decentralized and stealthy command-and-control server. Because it's decentralized, there isn't a central server for law enforcement to take down, and the blockchain makes it difficult to trace the identity of whoever deployed the smart contract. This also allows attackers to retrieve malicious payloads using read-only calls with no visible transaction history on the blockchain."
North Korean-linked cybercriminals embed malicious code into public blockchain smart contracts using EtherHiding to create decentralized command-and-control channels. They create convincing recruiter profiles on LinkedIn and job boards to target software developers, especially in cryptocurrency and tech, and lure victims into downloading malware disguised as coding tests. The smart contracts enable payload retrieval via read-only calls that leave no visible transaction history, complicating attribution and preventing centralized takedowns. The campaign facilitates credential and cryptocurrency theft and seeks long-term access to corporate networks. The technique repurposes blockchain features to provide resilient, stealthy hosting for malicious infrastructure.
Read at Theregister
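Because read-only calls leave no transaction on-chain, a defender's vantage point for this retrieval step is egress from the workstation. The following is an added example, not code from the article or from GTIG: it assumes the read-only calls appear as Ethereum-style JSON-RPC requests and that an egress proxy or endpoint sensor records the requesting process and request body; the log schema, hostnames, process names and contract address are constructed.

```python
import json

# JSON-RPC methods that return contract-held data without sending a transaction.
READ_METHODS = {"eth_call", "eth_getStorageAt", "eth_getCode"}
EXPECTED_PROCESSES = {"wallet-app"}  # hypothetical allowlist of sanctioned RPC clients
ADDR = "0x" + "ab" * 20              # constructed placeholder contract address

def contract_of(method, params):
    """Return the contract address a read request targets, if present."""
    if not isinstance(params, list) or not params:
        return None
    first = params[0]
    if method == "eth_call":  # params[0] is a call object with a "to" field
        return first.get("to") if isinstance(first, dict) else None
    return first if isinstance(first, str) else None  # address comes first

def find_readonly_rpc(log_lines, expected=EXPECTED_PROCESSES):
    """Flag contract reads issued by processes not on the allowlist."""
    findings = []
    for line in log_lines:
        try:
            rec = json.loads(line)
            body = json.loads(rec["body"])
        except (ValueError, KeyError, TypeError):
            continue  # not a JSON record, or the request body is not JSON
        for call in body if isinstance(body, list) else [body]:  # batch requests
            method = call.get("method") if isinstance(call, dict) else None
            if not isinstance(method, str) or method not in READ_METHODS:
                continue
            if rec.get("process") not in expected:
                findings.append((rec.get("host"), rec.get("process"), rec.get("dest"),
                                 method, contract_of(method, call.get("params"))))
    return findings

def _line(host, process, dest, payload):
    body = payload if isinstance(payload, str) else json.dumps(payload)
    return json.dumps({"host": host, "process": process, "dest": dest, "body": body})

def _rpc(method, params):
    return {"jsonrpc": "2.0", "id": 1, "method": method, "params": params}

# Constructed sample records, not real telemetry.
SAMPLE_LOG = [
    _line("dev-ws-07", "node", "rpc.example.net",
          _rpc("eth_call", [{"to": ADDR, "data": "0x12345678"}, "latest"])),
    _line("dev-ws-07", "wallet-app", "rpc.example.net",
          _rpc("eth_call", [{"to": ADDR, "data": "0x12345678"}, "latest"])),
    _line("build-03", "python", "rpc.example.net",
          [_rpc("eth_blockNumber", []), _rpc("eth_getStorageAt", [ADDR, "0x0", "latest"])]),
    _line("dev-ws-09", "curl", "api.example.org", "name=test&x=1"),
]
```

Grouping the findings by contract address shows which workstations read from the same contract, which helps scope an incident even though the chain itself records nothing about the reads.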