
‘EtherHiding’ Hack Extorts WordPress Users via the Binance Blockchain


Guardio Labs researchers have uncovered a new attack called ‘EtherHiding,’ which combines Binance Smart Chain and Bullet-Proof Hosting to serve malicious code to victims’ web browsers.


Unlike an earlier set of fake-update hacks that targeted WordPress, this variant employs a new tool: Binance’s blockchain. Previously, non-blockchain variations would interrupt a webpage visit with a realistic-looking, browser-styled ‘Update’ prompt. A victim’s mouse click installed malware.


Hackers can serve a catastrophic payload of code directly from Binance Smart Chain due to its cheap, quick, and weakly policed programmability.

This is not a MetaMask assault, to be clear. Hackers simply serve malicious code within victims’ web browsers that looks like any webpage the hacker desires – hosted and served indefinitely. Hackers attack victims for various extortion scams using Binance’s blockchain to serve code. Indeed, EtherHiding targets victims who have no cryptocurrency holdings.


Using a Browser Hijack to Steal Personal Information

Fake browser updates have become increasingly common in recent months. Unwary internet users come to a plausible, surreptitiously compromised website. They notice a bogus browser update and inadvertently click ‘Update.’ Hackers immediately install malware such as RedLine, Amadey, or Lumma. This sort of malware, known as an ‘infostealer,’ is frequently concealed in Trojans that appear on the surface to be legitimate software.


ClearFake, a more powerful infostealer, is used in the EtherHiding version of these WordPress-based update attacks. EtherHiding injects JS code into the machines of unwary consumers using ClearFake.

Some code in a previous version of ClearFake relied on CloudFlare servers. CloudFlare noticed and removed the malicious code, which rendered some of the ClearFake assault inoperable.


Unfortunately, the attackers have discovered how to avoid cybersecurity-minded sites such as CloudFlare. Binance proved to be an ideal host.

The EtherHiding hack redirects its traffic to Binance servers. It employs obfuscated Base64 code to query Binance Smart Chain (BSC) and initialize a BSC contract with an address controlled by the attackers. Specifically, it calls the eth_call method of Binance’s software development kit (SDK), which simulates contract execution and can be used to call malicious code.
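A site-side check for the pattern described above, as an added example that is not from Guardio Labs or this article: it decodes Base64 runs inside inline scripts of a page and flags those that reference eth_call. The `binance.org` host fragment, the 40-character threshold, and the sample pages are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# "eth_call" comes from the article; the host fragment is an assumption about
# how a BSC RPC endpoint would appear inside an injected script.
INDICATORS = ("eth_call", "binance.org")
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long Base64-looking runs


def _decode(blob):
    """Return the decoded text of a Base64 run, or None if it is not valid."""
    blob = blob.rstrip("=")
    blob += "=" * (-len(blob) % 4)  # tolerate stripped padding
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def scan_page(html):
    """Return (kind, indicator) findings for the inline scripts in html."""
    findings = []
    for script in SCRIPT_RE.findall(html):
        # Indicators left in the clear.
        findings += [("plain", ind) for ind in INDICATORS if ind in script]
        # Indicators hidden one Base64 layer down.
        for blob in B64_RE.findall(script):
            text = _decode(blob)
            if text is not None:
                findings += [("base64", ind) for ind in INDICATORS if ind in text]
    return findings


def constructed_samples():
    """Build an inert 'injected' page and a clean page (both constructed)."""
    inert = ('{"method":"eth_call","params":[{"to":"0xPLACEHOLDER"}]} '
             'rpc=bsc-dataseed.binance.org')
    blob = base64.b64encode(inert.encode()).decode()
    infected = '<html><script>var c = atob("%s");</script></html>' % blob
    clean = '<html><script>document.title = "Hello";</script></html>'
    return infected, clean


if __name__ == "__main__":
    for page in constructed_samples():
        print(scan_page(page))
```

A hit is a reason to inspect the template or plugin that emitted the script, not proof of compromise; a legitimate Web3 site can reference the same method.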

As Guardio Labs researchers stated in their Medium posts, Binance may avoid this issue by limiting queries to fraudulent addresses or by disabling eth_call.

Binance, for its part, has marked some ClearFake smart contracts as malicious on BSCScan, the leading Binance Smart Chain explorer. It notifies blockchain explorers that the addresses used by the attacker are part of a phishing attack.

It does, however, provide very little valuable information regarding the attack’s form. Specifically, BSCScan does not provide warnings to victims where the hacks occur: within their web browsers.

Tips for avoiding EtherHiding in web browsers

With one-quarter of all websites utilizing WordPress, the software has become known for being a target for attackers.

  • Unfortunately, around one-fifth of WordPress websites have not been updated to the most recent version, exposing Internet users to malware such as EtherHiding.
  • Site managers should put in place strong security measures such as password protection, deleting hacked plugins, protecting passwords, and limiting admin access.
  • WordPress administrators should upgrade WordPress and its plugins on a daily basis and avoid installing vulnerable plugins.
  • WordPress administrators should likewise avoid using the login ‘admin’ for their management accounts.

Aside from that, the EtherHiding/ClearFake assault is impossible to counter. Internet users should simply be cautious of any unexpected ‘Your browser requires updating’ message, particularly when visiting a WordPress-powered website. Users should only upgrade their browser from the settings menu, not by clicking a button on a website, no matter how realistic it appears.


© 2024 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.

