Security News > 2023 > October > Hackers use Binance Smart Chain contracts to store malicious scripts
Cybercriminals are employing a novel code distribution technique dubbed 'EtherHiding,' which abuses Binance's Smart Chain contracts to hide malicious scripts in the blockchain.
The threat actors responsible for this campaign previously used compromised WordPress sites that redirected to Cloudflare Worker hosts for injecting malicious JavaScript into hacked websites, but later pivoted to abusing blockchain systems that provide a far more resilient and evasive distribution channel.
These script injections load the Binance Smart Chain JS library and fetch malicious scripts from the blockchain that then injected into the site.
Once the victim clicks the update button, they are directed to download a malicious executable from Dropbox or other legitimate hosting sites.
When one of their domains gets flagged, the attackers update the chain to swap out the malicious code and related domains, continuing the attack with minimal interruption.
Even reporting the address as malicious will not prevent it from distributing the malicious code when invoked.