Cybersecurity analysts reveal hackers prefer Binance’s BNB Smart Chain over Ethereum for EtherHiding attacks due to lower costs and reduced security scrutiny.
Key Takeaways
- EtherHiding, a new attack vector involving the hiding of malicious code in blockchain smart contracts, is not directly related to Ethereum.
- Cybersecurity analysts reveal that hackers tend to favor Binance’s BNB Smart Chain for these attacks due to lower costs.
- EtherHiding attacks are initiated by compromising WordPress websites, injecting code that extracts JavaScript payloads from Binance smart contracts.
- The use of BNB Smart Chain may also be driven by increased security scrutiny on Ethereum, making it riskier for hackers.
Cybersecurity analysts have shed light on a new threat called “EtherHiding,” a tactic where malicious code is concealed within blockchain smart contracts, despite its name suggesting a connection to Ethereum. This method allows bad actors to distribute malware to unsuspecting victims through clever concealment.
Hacker’s Perspective
According to reports on Oct. 16 by Cointelegraph, threat actors are increasingly turning to Binance’s BNB Smart Chain as their platform of choice for executing EtherHiding attacks. The primary reason behind this preference is the cost-effectiveness of BNB Smart Chain.
Blockchain security firm CertiK’s security researcher, Joe Green, explained that BNB Smart Chain offers significantly lower handling fees compared to Ethereum, while maintaining similar network stability and speed. The cost-efficient nature of BNB Smart Chain ensures minimal financial strain on attackers.
EtherHiding attacks typically begin with hackers compromising WordPress websites and injecting code that extracts partial payloads hidden within Binance smart contracts.
Subsequently, the website’s front end is replaced with a counterfeit browser update prompt. When users click on this prompt, it retrieves the JavaScript payload from the Binance blockchain.
Cybercriminals frequently alter the malware payloads and update website domains to avoid detection, allowing them to consistently serve users fresh malware disguised as browser updates.
EtherHiding: Why hackers may prefer Binance’s BNB Smart Chainhttps://t.co/2x6j2TwxNR
— John Morgan (@johnmorganFL) October 20, 2023
Additionally, Web3 analytics firm 0xScope’s security researchers suggest that the choice of BNB Smart Chain may be influenced by heightened security scrutiny on Ethereum.
Ethereum’s security measures, such as Infura’s IP address tracking for MetaMask transactions, pose a higher risk of exposure for hackers attempting to inject malicious code.
This increased vigilance on Ethereum could be driving hackers to seek less scrutinized alternatives like BNB Smart Chain for their illicit activities.
Let’s Review
The emergence of EtherHiding highlights the evolving tactics of cybercriminals within the blockchain space. While the name may suggest a connection to Ethereum, the preference for Binance’s BNB Smart Chain showcases the impact of cost-effectiveness and perceived lower security scrutiny in the choice of attack vector. As blockchain security continues to be a paramount concern, it’s crucial for users and platforms alike to remain vigilant against such threats and adopt robust security measures to protect against EtherHiding and similar attacks.
