According to cybersecurity analysts at 0xScope and CertiK, threat actors are increasingly using BNB Smart Chain contracts as a preferred method for hiding malicious code. This is primarily due to the lower costs associated with BNB Smart Chain compared to Ethereum. The attackers compromise WordPress websites and inject code that pulls partial payloads from Binance smart contracts. The malware is disguised as browser updates, allowing the attackers to continuously distribute fresh malware downloads. One possible reason for using BNB Smart Chain over Ethereum is the increased security-related scrutiny on Ethereum, which may increase the risk of discovery for hackers. The sophistication of the EtherHiding attacks makes them difficult to detect and stop.
– Threat actors are using BNB Smart Chain contracts to hide malicious code.
– BNB Smart Chain is preferred due to its lower costs compared to Ethereum.
– Attackers compromise WordPress websites and inject code to distribute malware.
– Malware is disguised as browser updates.
– Using BNB Smart Chain may reduce the risk of discovery for hackers.
– EtherHiding attacks are difficult to detect and stop.