Google: North Korea Uses Blockchain to Distribute Malware

3 hours ago

In a report issued on October 16, the Google Threat Intelligence Group warned that nation-state threat actors, including North Korea, are using public blockchains to hide malware.

The campaign uses a method called “EtherHiding,” which lets attackers embed malicious code in a smart contract residing on a public blockchain such as Ethereum or BNB Chain. The method surged in 2023, but Google states that this is the first time it has observed a nation-state adopt it.

The EtherHiding campaign also includes the expected social engineering components, such as setting up fake companies and targeting job profiles linked to the cryptocurrency industry or to well-known cryptocurrency protocols.

Infection occurs when the targeted candidates are given programming tests that require downloading infected tools, or through downloads of video meeting software.

Google highlights that JADESNOW, a malware used by North Korea that leverages EtherHiding, shows the versatility of these blockchain-based tools. In examining it, the group found that the malicious contract was updated over 20 times in its first four months, at $1.37 in gas fees per update.

“The low cost and frequency of these updates illustrate the attacker’s ability to easily change the campaign’s configuration,” Google declared.

The usage of this kind of technique, where blockchain is used as a distribution mechanism for malware, might prompt regulators to take a harsher approach to the adoption of these technologies.

While malware hosted in a remote server can be targeted and deleted, the immutability of blockchain means that security companies must seek other ways of preventing the spread, targeting API providers that allow transactions to move this code to victims.

Google’s group itself stated that this new approach implies “new challenges” as “smart contracts operate autonomously and cannot be shut down.”

Analysts expect the adoption of this kind of technique to keep growing and to be combined with other novel methods that make it even more dangerous, including direct targeting of systems that handle blockchains or wallets.
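Because the contract itself cannot be taken down, one defensive lever the article points to is the read path: a victim machine must still ask an RPC provider for the contract's contents, typically through a JSON-RPC `eth_call`. The following added example, which is not from Google's report or any vendor tooling, shows how an analyst could scan egress proxy logs for `eth_call` requests to contracts that are not on an organisation's allowlist. The log line layout, the RPC hostname, the contract addresses and the call data are all constructed placeholders for the example.

```python
"""Flag outbound Ethereum JSON-RPC read calls to contracts not on an allowlist.

Added illustration for the EtherHiding write-up; not Google's detection logic.
The proxy log layout, RPC hostname and every address below are constructed.
"""
import json
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Hypothetical allowlist: contracts the organisation's own software is known to read.
APPROVED_CONTRACTS = {
    "0x1111111111111111111111111111111111111111",  # placeholder: internal price oracle
}

# Constructed proxy log layout: <timestamp> <src_host> <dst_host> <json_body>
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<body>\{.*\})$")


@dataclass
class Finding:
    ts: str
    src: str
    dst: str
    contract: str
    reason: str


def parse_rpc_body(body: str) -> Optional[dict]:
    """Return the JSON-RPC request object, or None if the body is not one."""
    try:
        obj = json.loads(body)
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) and "method" in obj else None


def inspect_line(line: str) -> Optional[Finding]:
    """Return a Finding for an eth_call to a non-allowlisted contract, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rpc = parse_rpc_body(m["body"])
    if rpc is None or rpc.get("method") != "eth_call":
        return None
    params = rpc.get("params") or []
    # eth_call's first parameter is the call object; "to" is the contract address.
    if not params or not isinstance(params[0], dict):
        return None
    contract = str(params[0].get("to", "")).lower()
    if contract in APPROVED_CONTRACTS:
        return None
    return Finding(m["ts"], m["src"], m["dst"], contract,
                   "eth_call to contract not on allowlist")


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run inspect_line over every log line and keep the findings."""
    return [f for f in (inspect_line(line) for line in lines) if f is not None]


# Constructed sample log: one approved read, one unrelated RPC method,
# one read of an unknown contract, and one malformed line.
SAMPLE_LOG = [
    '2025-10-16T10:01:02Z ws-build-07 rpc.example-node.test {"jsonrpc":"2.0","id":1,"method":"eth_call","params":[{"to":"0x1111111111111111111111111111111111111111","data":"0xaaaaaaaa"},"latest"]}',
    '2025-10-16T10:01:05Z ws-build-07 rpc.example-node.test {"jsonrpc":"2.0","id":2,"method":"eth_blockNumber","params":[]}',
    '2025-10-16T10:02:44Z ws-build-07 rpc.example-node.test {"jsonrpc":"2.0","id":3,"method":"eth_call","params":[{"to":"0x2222222222222222222222222222222222222222","data":"0xbbbbbbbb"},"latest"]}',
    '2025-10-16T10:03:00Z ws-build-07 rpc.example-node.test not-json',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding.ts} {finding.src} -> {finding.dst} {finding.contract}: {finding.reason}")
```

The check is deliberately narrow: it keys on `eth_call` rather than on the destination host, because a loader can use any public RPC provider, whereas the set of contracts legitimate software in a given environment needs to read is usually small and enumerable. Pairing the allowlist with the source host (a build workstation that has no business reading chain state at all) sharpens it further.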

  • What recent threat did Google identify regarding public blockchains?
    Google reported that nation-state actors, including North Korea, are using a method called “EtherHiding” to embed malware within smart contracts on public blockchains like Ethereum and BNB Chain.

  • How does the EtherHiding method work?
    EtherHiding allows attackers to hide malicious code within smart contracts and relies on social engineering tactics, such as creating fake companies to lure cryptocurrency-related job seekers.

  • What specific malware has been associated with this new technique?
    The report highlighted JADESNOW, a North Korean malware that utilizes EtherHiding, showing frequent updates and low operational costs for altering its attack configuration.

  • What implications does this technique have for blockchain regulation?
    As blockchain’s immutability complicates malware removal, regulators may seek stricter controls over blockchain technologies to mitigate the evolving threat of malware exploitation in cryptocurrency environments.
