Guardio Labs researchers have uncovered a new attack called ‘EtherHiding,’ which combines Binance Smart Chain and Bullet-Proof Hosting to serve malicious code into victims’ web browsers.
Unlike an earlier set of fake-update attacks that targeted WordPress, this variant employs a new tool: Binance’s blockchain. Previously, non-blockchain variations would interrupt a webpage visit with a realistic-looking, browser-styled ‘Update’ prompt. A victim’s mouse click installed malware.
Hackers can serve a catastrophic code payload directly from Binance Smart Chain because programming it is cheap, quick, and weakly policed.
To be clear, this is not an attack on MetaMask. Hackers simply serve malicious code within victims’ web browsers that looks like any webpage the hacker desires, hosted and served indefinitely. By using Binance’s blockchain to serve code, hackers target victims with various extortion scams. Indeed, EtherHiding targets victims who have no cryptocurrency holdings.
Using a Browser Hijack to Steal Personal Information
Fake browser updates have become increasingly common in recent months. Unwary internet users arrive at a plausible but surreptitiously compromised website. They notice a bogus browser update and inadvertently click ‘Update.’ Hackers immediately install malware such as RedLine, Amadey, or Lumma. This sort of malware, known as an ‘infostealer,’ is frequently concealed in Trojans that appear to be legitimate software on the surface.
ClearFake, a more powerful infostealer, is used in the EtherHiding version of these WordPress-based update attacks. EtherHiding uses ClearFake to inject JS code into the machines of unwary users.
Some code in a previous version of ClearFake relied on Cloudflare servers. Cloudflare noticed and removed the malicious code, which rendered part of the ClearFake attack inoperable.
Unfortunately, the attackers have discovered how to avoid cybersecurity-minded providers such as Cloudflare. Binance proved to be an ideal host.
The EtherHiding attack redirects its traffic to Binance servers. It employs obfuscated Base64 code to query Binance Smart Chain (BSC) and initialize a BSC contract with an address controlled by the attackers. It specifically calls some software development kits (SDKs), such as Binance’s eth_call, which simulate contract execution and can be used to call malicious code.
As Guardio Labs researchers stated in their Medium posts, Binance could mitigate this issue by limiting queries to fraudulent addresses or removing the eth_call SDK.
Binance, for its part, has marked some ClearFake smart contracts as malicious on BSCScan, the leading Binance Smart Chain explorer. It notifies blockchain explorers that the addresses used by the attacker are part of a phishing attack.
It does, however, provide very little valuable information regarding the attack’s form. Specifically, BSCScan does not provide warnings to victims where the hacks occur: within their web browsers.
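Because the warning on BSCScan never reaches the browser, a site owner has to look for the loader in the page itself. The following is an added example, not code from Guardio Labs or from the campaign: it decodes Base64 runs found in a page's scripts and flags any that hide blockchain RPC markers. Only the `eth_call` marker comes from the article (it is a standard Ethereum JSON-RPC method); the other two markers, the 40-character threshold, the nesting depth and the sample page are assumptions.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

# "eth_call" is named in the article; the other two markers are assumptions.
INDICATORS = ("binance.org", "eth_call", "jsonrpc")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

class InlineScripts(HTMLParser):
    """Collect the text of every <script> element on a page."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append("")
            self._open = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False
    def handle_data(self, data):
        if self._open:
            self.scripts[-1] += data

def decoded_hits(text, depth=1, max_depth=3):
    """Decode Base64 runs in text, nested up to max_depth; yield (depth, markers)."""
    for run in B64_RUN.findall(text):
        body = run.rstrip("=")
        try:
            raw = base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
            plain = raw.decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # the run was not Base64-encoded text
        found = tuple(i for i in INDICATORS if i in plain)
        if found:
            yield depth, found
        if depth < max_depth:
            yield from decoded_hits(plain, depth + 1, max_depth)

def scan_page(html):
    """Return (script_index, depth, markers) for each marker hidden behind Base64."""
    parser = InlineScripts()
    parser.feed(html)
    parser.close()
    return [(n, d, f) for n, s in enumerate(parser.scripts) for d, f in decoded_hits(s)]

def b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample: an inert JSON-RPC body wrapped in two Base64 layers.
RPC_BODY = '{"jsonrpc":"2.0","method":"eth_call","params":[{"to":"0xPLACEHOLDER"},"latest"]}'
SAMPLE_HTML = ('<html><script>console.log("theme loaded");</script><script>var p = atob("'
               + b64('var q = atob("' + b64(RPC_BODY) + '");') + '");</script></html>')
```

Markers that appear in plain, undecoded script text are deliberately not reported, since a legitimate Web3 page calls `eth_call` openly; the signal is the marker hidden behind encoding.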
Tips for avoiding EtherHiding in web browsers
With one-quarter of all websites utilizing WordPress, the software has become known for being a target for attackers.
- Unfortunately, around one-fifth of WordPress websites have not been updated to the most recent version, exposing Internet users to malware such as EtherHiding.
- Site managers should put in place strong security measures such as password protection, deleting hacked plugins, protecting passwords, and limiting admin access.
- WordPress administrators should upgrade WordPress and its plugins on a daily basis and avoid installing vulnerable plugins.
- WordPress administrators should likewise avoid using the login ‘admin’ for their management accounts.
Aside from that, the EtherHiding/ClearFake attack is impossible to counter. Internet users should simply be cautious of any unexpected ‘Your browser requires updating’ message, particularly when visiting a WordPress-powered website. Users should only upgrade their browser from the settings menu, not by clicking a button on a website, no matter how realistic it appears.
Kristin Steinbeck
Editor, CryptoCaster
© 2024 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.