{"id":85752,"date":"2023-10-16T11:11:19","date_gmt":"2023-10-16T08:11:19","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=85752"},"modified":"2025-09-13T01:14:12","modified_gmt":"2025-09-12T22:14:12","slug":"hackers-use-bnb-chain-blockchain-for-attacks","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hackers-use-bnb-chain-blockchain-for-attacks\/","title":{"rendered":"Hackers use BNB Chain blockchain for attacks"},"content":{"rendered":"<p>Cybercriminals are using smart contracts in the BNB Chain network to hide and spread malware, according to Guardio Labs.<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-lang=\\\"en\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">? Guardio Labs exposes \\&#8221;EtherHiding\\&#8221; \u2014 a new threat hiding in Binance&#8217;s Smart Chain, a technique that evades detection, targeting compromised WordPress sites. Read about this game-changing method! <a href=\\\"https:\/\/twitter.com\/BNBCHAIN?ref_src=twsrc%5Etfw\\\">@BNBCHAIN<\/a> <a href=\\\"https:\/\/twitter.com\/hashtag\/BNBChain?src=hash&#038;ref_src=twsrc%5Etfw\\\">#BNBChain<\/a> <a href=\\\"https:\/\/twitter.com\/hashtag\/CyberSecurity?src=hash&#038;ref_src=twsrc%5Etfw\\\">#CyberSecurity<\/a> <a href=\\\"https:\/\/t.co\/alNI5KqKUO\\\">https:\/\/t.co\/alNI5KqKUO<\/a><\/p>\n<p>\u2014 Guardio (@GuardioSecurity) <a href=\\\"https:\/\/twitter.com\/GuardioSecurity\/status\/1713526638581837835?ref_src=twsrc%5Etfw\\\">October 15, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>Researchers described in a report the hacking technique called EtherHiding. The attack involves compromising WordPress sites by injecting JavaScript code that then extracts the payload from contracts on the blockchain.<\/p>\n<p>This is a modified method of the previously detected ClearFake campaign. Attackers deployed code for the second stage of the attack on Cloudflare Workers, but the American company began blocking accounts, potentially hindering attempts to breach.<\/p>\n<p>The hackers <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-web3\">Web3<\/a>-infrastructure from the supported Binance network BNB Chain. This provided them with nearly free, \\&#8221;truly bulletproof hosting, backed by blockchain,\\&#8221; the researchers stressed.<\/p>\n<p>Attackers can easily and cheaply modify the code and, accordingly, the attack vector at will.<\/p>\n<p>In one of the methods identified by researchers, victims are asked to update their browser to access the requested content. When following the link, the user downloads malware, infecting a computer from a hacker-controlled domain.<\/p>\n<figure class=\\\"wp-block-image\\\"><img decoding=\\\"async\\\" src=\\\"https:\/\/lh3.googleusercontent.com\/j9M_46CQXm45i-N9WTdxUOfeqCOxDhl-RR-_MTEEjkjkkw-o0Z3Dg2fNqoaD_fmoWVfNM-NZxLXkf0ro646PGF0eP3Rh_hAChgbaWl8Hng19QvTstryqUK4Y8S7U-f6h6_QOSPAPoEYDniPYbQluEbY\\\" alt=\\\"Hackers used blockchain BNB Chain for attacks\\\"\/><figcaption class=\\\"wp-element-caption\\\">Examples of update prompts for popular browsers by hackers. Data: Guardio Labs.<\/figcaption><\/figure>\n<p>The attackers have the ability to modify the attack chain by changing a single blockchain transaction, costing roughly between $0.2 and $0.6.<\/p>\n<figure class=\\\"wp-block-image\\\"><img decoding=\\\"async\\\" src=\\\"https:\/\/lh6.googleusercontent.com\/LRqIgD1Ea_fT3IF1VUZodETHU3JtS1_do6TS4qoD1Gp7l_Ae1BO4QJA0S_W6Al5U8OxOaD-8KHBddho4zyo0WHQgVl461okTwU29ViylnaxMX2wDDg_NwLqNZ975Cktv58MrMim6NPsZWcnDw1RQ41w\\\" alt=\\\"Example of a constantly modified contract by hackers on BNB Chain\\\"\/><figcaption class=\\\"wp-element-caption\\\">Example of a constantly modified contract by hackers on BNB Chain. Data: Guardio Labs.<\/figcaption><\/figure>\n<p>Experts noted that after deployment in the network, contracts run autonomously, and all that BNB Chain developers can do is mark them as malicious. Yet it is clear there is currently no way to stop hackers from spreading their software on this path, the experts stressed.<\/p>\n<figure class=\\\"wp-block-image\\\"><img decoding=\\\"async\\\" src=\\\"https:\/\/lh4.googleusercontent.com\/zhQvkD-c2IjwmEwZP4kWFeDDgaFZfgqnV52ecK4dlhbSsgUMafHvWmBOEvat4Qhu_NBoNQ7zoNGChtIe4-FbVPhsY3uZ1Vhr0evupPJ4CtYSbw0xvEywUbF6IJzzFHfxlH-BAkX4roGLoLl1etNUD9E\\\" alt=\\\"Example of marking malicious contracts\\\"\/><figcaption class=\\\"wp-element-caption\\\">Example of marking malicious contracts. Data: Guardio Labs.<\/figcaption><\/figure>\n<p>Experts noted that WordPress sites serve as the main gateway for such attacks. They recommended owners take all possible precautions, keeping plugins up to date, changing passwords, and simply \\&#8221;watching what happens on the site.\\&#8221;<\/p>\n<p>Researchers noted that the use of blockchain poses new challenges for preventing malware distribution, excluding traditional provider-based blocking.<\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\"><p>\\n<\/p>\n<p>\\&#8221;While Web 3.0 promises innovation, attackers continually adapt, using its advantages for nefarious purposes. As for Binance, we cannot blame them, since the data is free for everyone, and anyone can verify and detect the danger,\\&#8221; the experts concluded.<\/p>\n<p>\\n<\/p><\/blockquote>\n<p>\\n\\n<\/p>\n<p>In September, hackers <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-targeted-russians-after-binance-restrictions\">attacked<\/a> Russian Binance clients via phishing app campaigns to bypass <a href=\"https:\/\/u1f987.com\/en\/news\/binance-limits-russians-to-p2p-trades-in-rubles-only\">P2P trading restrictions<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals are using smart contracts on the BNB Chain network to hide and spread malware, according to Guardio Labs.<\/p>\n","protected":false},"author":1,"featured_media":85753,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[25,1307,44,1111],"class_list":["post-85752","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain","tag-bnb-chain","tag-cybercrime","tag-cybersecurity"],"aioseo_notices":[],"amp_enabled":true,"views":"30","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/85752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=85752"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/85752\/revisions"}],"predecessor-version":[{"id":85754,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/85752\/revisions\/85754"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/85753"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=85752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=85752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=85752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}