“EtherHiding” Malware Campaign Targets Binance’s Smart Chain on WordPress

A new malware campaign called EtherHiding has been detected, in which threat actors are using Binance’s Smart Chain (BSC) contracts to serve malicious code. This technique, known as “next level bulletproof hosting,” allows the attackers to exploit the decentralized and public nature of blockchain to evade detection and takedown attempts. The campaign involves compromising WordPress sites and tricking visitors into thinking they need to update their browsers, leading to the installation of information-stealing malware. The infected sites are injected with obfuscated JavaScript that creates a smart contract on the BNB Smart Chain, allowing the attackers to fetch a payload from a command-and-control server. Victims who click the update button are redirected to download a malicious executable. While the malicious contract has been identified as part of a phishing scheme, its decentralized nature makes it difficult to disrupt the attack. Users of WordPress are advised to follow security best practices, keep their systems updated, remove unnecessary admin users, and use strong passwords to protect against these types of attacks.
