#unc5342 - Public Fediverse posts
Live and recent posts from across the Fediverse tagged #unc5342, aggregated by home.social.
-
EtherHiding emerges as a malware delivery mechanism!
Google threat intelligence is reporting North Korean nation-state actor "UNC5342" is leveraging transactions on public blockchains to store and retrieve malicious payloads.
EtherHiding executes a social engineering campaign (fake job interviews, crypto games) as the initial compromise to lure developers - often those working in the cryptocurrency or tech industries - into downloading malware disguised as job-related files or coding challenges.
Once a target opens the file, a malicious script connects to a public blockchain like BNB Smart Chain or Ethereum, to retrieve encrypted code from a smart contract. That code installs a JadeSnow loader, which in turn delivers a more persistent backdoor known as InvisibleFerret that has been used in multiple cryptocurrency thefts.
https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding #Security #CyberSecurity #Hackers #CyberAttack #UNC5342 #Google #Malware #SmartContracts #Crypto #CryptoCurrency #EtherHiding #SocialEngineering #BlockChain
-
#NorthKorea|n #hackers, tracked as #UNC5342, are using the #EtherHiding technique to hide #malware on the #blockchain. This technique, first described by Guardio Labs, allows the threat actor to host #maliciousscripts within #smartcontracts on the Binance Smart Chain or Ethereum, making it difficult to track and disrupt campaigns. https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-etherhiding-to-hide-malware-on-the-blockchain/?eicker.news #tech #media #news
-
BeaverTail and Tropidoor Malware Distributed via Recruitment Emails
#UNC5342 #BeaverTail #Tropidoor
https://asec.ahnlab.com/en/87299/