#etherhiding — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #etherhiding, aggregated by home.social.
-
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.
Pulse ID: 6a15ba2632bd7e246e9c1250
Pulse Link: https://otx.alienvault.com/pulse/6a15ba2632bd7e246e9c1250
Pulse Author: AlienVault
Created: 2026-05-26 15:20:06
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware
An intrusion was observed in April 2026 where threat actors deployed EtherRAT malware through a malicious MSI installer disguised as a Sysinternals tool. The malware utilized Ethereum blockchain via EtherHiding for dynamic C2 configuration updates. Following reconnaissance activities, actors deployed TukTuk malware framework using DLL sideloading techniques with legitimate applications like Greenshot and SyncTrayzor. TukTuk established C2 channels through SaaS platforms including ClickHouse and Supabase, with backup channels via Ably, Dropbox, and GitHub Issues. The actors performed Kerberoasting, credential theft via Mimikatz and LSASS dumping, and deployed GoTo Resolve RMM tooling for lateral movement. Data exfiltration to Wasabi cloud storage was conducted using Rclone before deploying The Gentlemen ransomware domain-wide through a malicious GPO. The intrusion leveraged blockchain infrastructure, SaaS platforms, and decentralized services to evade traditional network defenses.
Pulse ID: 6a0200aec25a59a6b9d4edcf
Pulse Link: https://otx.alienvault.com/pulse/6a0200aec25a59a6b9d4edcf
Pulse Author: AlienVault
Created: 2026-05-11 16:15:42
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Cloud #CyberSecurity #Dropbox #EtherHiding #GitHub #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RansomWare #Rclone #SideLoading #UK #bot #AlienVault
-
Malware Bypasses Browser Application-Bound Encryption Protections
A sophisticated 64-bit information-stealing malware named Remus has emerged as a direct evolution of the notorious Lumma Stealer. Following the doxxing of alleged Lumma core members between August and October 2025, developers created this advanced variant, with test builds appearing in September 2025 and live campaigns starting February 2026. Remus employs innovative techniques including injecting custom 51-byte shellcode into browser memory to extract protected master keys, bypassing Application-Bound Encryption in Chromium-based browsers. The malware utilizes EtherHiding through Ethereum smart contracts for command-and-control resolution, making infrastructure takedowns nearly impossible. It targets browser credentials, session cookies, and cryptocurrency wallets while implementing rigorous anti-analysis checks to evade security research environments.
Pulse ID: 69fb17376737204f3abf5eaf
Pulse Link: https://otx.alienvault.com/pulse/69fb17376737204f3abf5eaf
Pulse Author: AlienVault
Created: 2026-05-06 10:25:59
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Encryption #EtherHiding #InfoSec #LummaStealer #Malware #OTX #OpenThreatExchange #ShellCode #bot #cryptocurrency #developers #doxxing #AlienVault
-
A novel method, dubbed "#EtherHiding", turns the #Ethereum #cryptocurrency #blockchain into an offensive arsenal. #Google #cybersecurity #researchers are sounding the #alarm over this #technological escalation
-
A novel method, dubbed "#EtherHiding", turns the #Ethereum #cryptocurrency #blockchain into an offensive arsenal. #Google #cybersecurity #researchers are sounding the #alarm over this #technological escalation www.futura-sciences.com/tech/actuali...
The blockchain is no longer safe ...
-
EtherHiding emerges as a malware delivery mechanism!
Google threat intelligence is reporting North Korean nation-state actor "UNC5342" is leveraging transactions on public blockchains to store and retrieve malicious payloads.
EtherHiding executes a social engineering campaign (fake job interviews, crypto games) as the initial compromise to lure developers — often those working in the cryptocurrency or tech industries — into downloading malware disguised as job-related files or coding challenges.
Once a target opens the file, a malicious script connects to a public blockchain like BNB Smart Chain or Ethereum, to retrieve encrypted code from a smart contract. That code installs a JadeSnow loader, which in turn delivers a more persistent backdoor known as InvisibleFerret that has been used in multiple cryptocurrency thefts.
https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding #Security #CyberSecurity #Hackers #CyberAttack #UNC5342 #Google #Malware #SmartContracts #Crypto #CryptoCurrency #EtherHiding #SocialEngineering #BlockChain
-
North Korean state-sponsored hackers are embedding malware within public blockchains to steal cryptocurrency, a technique called "EtherHiding." Malicious JavaScript payloads are hidden inside smart contracts, making them effectively unremovable.
Read more: https://www.tomshardware.com/tech-industry/cyber-security/north-korea-hiding-malware-inside-blockchain-smart-contracts
#Cybersecurity #Malware #NorthKorea #Hacking #Blockchain #Crypto #Cryptocurrency #EtherHiding #SmartContracts #CyberAttack #TechNews
-
#NorthKorea|n #hackers, tracked as #UNC5342, are using the #EtherHiding technique to hide #malware on the #blockchain. This technique, first described by Guardio Labs, allows the threat actor to host #maliciousscripts within #smartcontracts on the Binance Smart Chain or Ethereum, making it difficult to track and disrupt campaigns. https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-etherhiding-to-hide-malware-on-the-blockchain/?eicker.news #tech #media #news
-
North Korean Hackers Use ‘EtherHiding’ to Spread Malicious Crypto Wallets, Mandiant Warns - TLDR:
DPRK hackers use EtherHiding to embed malicious scripts within blockchain smart co... - https://blockonomi.com/north-korean-hackers-use-etherhiding-to-spread-malicious-crypto-wallets-mandiant-warns/ #blockchainsecurity #binancesmartchain #wordpressattacks #cryptophishing #cryptowallets #cybersecurity #dprkhackers #etherhiding #security #mandiant #crime #apt43
-
North Korean hackers are taking stealth to a new level: embedding malware into blockchain smart contracts and tricking devs with fake job interviews. Are we ready for a world where your next code review could be a trap?
#etherhiding
#northkoreanhackers
#blockchainsecurity
#malwaredistribution
#smartcontracts
#cyberthreats
#socialengineering
#infosec
-
TDR analysts published an analysis of the new #ClearFake variant that relies on compromised websites injected with the malicious JavaScript framework, the #EtherHiding technique, and the #ClickFix social engineering tactic.
-
#etherhiding (hiding malicious code in blockchain-based smart contracts) is not only used by #ClearFake related actors – but now also for #Magecart 👇
-
Malicious code has been stored on the blockchain forever
One of the old hacker tricks is to distribute malware disguised as a browser update. A banner is placed on a compromised site claiming that the browser must be updated to view the page, along with a button to download the update, as in the screenshot from last year's ClearFake attack. In this way, the victim installs the malware on their own computer themselves. Last year, attackers devised a clever way to protect malicious software from being destroyed. They placed it on a decentralized, anonymous blockchain. That is, they integrated the code into a smart contract, which has been preserved in public access forever.
https://habr.com/ru/companies/globalsign/articles/878822/
#blockchain #browser_update #BSC #Binance_Smart_Chain #Binance #BNB #WordPress #ClearFake #BscScan #EtherHiding
-
Cybersecurity Experts Warn of Rising Malware Threats from Sophisticated Social Engineering Tactics https://thecyberexpress.com/ta571-and-clearfake-campaigns/ #TheCyberExpressNews #CybersecurityNews #ClearFakecampaign #PowerShellscripts #TheCyberExpress #FirewallDaily #EtherHiding #ClearFake #TA571
-
@rmceoin #etherhiding is the new blockchain-powered version of #clearfake
https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16
-
EtherHiding: Why hackers may prefer Binance’s BNB Smart Chain - According to cybersecurity analysts at 0xScope and CertiK, threat... - https://cointelegraph.com/news/ether-hiding-why-hackers-prefer-binance-bnb-smart-chain #smartcontracts #etherhiding #wordpress #bnbchain #malware #hackers #scams #bsc