
Hackers use EtherHiding to hide malware

tyman

‘Etherhiding’ Blockchain Technique Hides Malware in WordPress Sites
The ClearFake campaign uses fake browser updates to lure victims and spread RedLine, Amadey, and Lumma stealers.
www.darkreading.com


A threat actor has been abusing smart contracts on a public blockchain to hide malicious code in a campaign that uses fake browser updates to spread various malware, including the infostealers RedLine, Amadey, and Lumma.

Blockchain abuse is usually seen in attacks that steal cryptocurrency, since the technology is best known for securing those transactions; EtherHiding shows that attackers can also use it for other kinds of malicious activity, in this case as an untouchable hosting layer for part of an attack chain.

Researchers from Guardio have been tracking a campaign dubbed ClearFake over the last two months in which users are misled into downloading malicious fake browser updates from at least 30 hijacked WordPress sites.

The campaign uses a technique called "EtherHiding," which "presents a novel twist on serving malicious code" by using Binance Smart Chain (BSC) smart contracts (Binance is one of the world's largest cryptocurrency exchanges) to host parts of a malicious code chain "in what is the next level of Bullet-Proof Hosting," according to a recent post by Guardio.

"BSC is owned by Binance and focuses on contracts: coded agreements that execute actions automatically when certain conditions are met," Guardio explained in the post. "These contracts offer innovative ways to build applications and processes. Due to the publicly accessible and unchangeable nature of the blockchain, code can be hosted 'on-chain' without the ability for a takedown."

The attackers exploit this by hosting and serving malicious code in a way that cannot be taken down, which makes the activity hard to stop: the compromised site only needs to read the payload back from the contract, and there is no hosting provider to send an abuse report to. "This campaign is up and harder than ever to detect and take down," according to the post.

The attackers turned to this tack after their initial method of hosting code on abused Cloudflare Workers hosts was taken down, the researchers noted. "They’ve quickly pivoted to take advantage of the decentralized, anonymous, and public nature of blockchain," according to the post.