Nation-state hackers deliver malware from "bulletproof" blockchains
Briefly

"In a Thursday post, members of the Google Threat Intelligence Group said the technique provides the hackers with their own "bulletproof" host, a term that describes cloud platforms that are largely immune from takedowns by law enforcement and pressure from security researchers. More traditionally, these hosts are located in countries without treaties agreeing to enforce criminal laws from the US and other nations."
"Since February, Google researchers have observed two groups turning to a newer technique to infect targets with credential stealers and other forms of malware. The method, known as EtherHiding, embeds the malware in smart contracts, which are essentially apps that reside on blockchains for Ethereum and other cryptocurrencies. Two or more parties then enter into an agreement spelled out in the contract."
Hacking groups, including at least one aligned with the North Korean government, are embedding malware in public cryptocurrency blockchains by hiding malicious payloads inside smart contracts. The technique, called EtherHiding, stores malware within blockchain-based smart contracts that execute when contract conditions are met, creating immutable and decentralized hosting that is resistant to takedowns. The approach functions as inexpensive, next-generation bulletproof hosting, an alternative to traditional cloud services located in jurisdictions resistant to enforcement. The method enables delivery of credential stealers and other malware, and the blockchain's immutability and decentralization help it evade removal efforts and complicate attribution.
Read at Ars Technica