Hackers are hiding malicious code in Binance Smart Chain contracts

blockchain
(Image credit: Shutterstock / Venomous Vector)

Hackers have been observed hosting malicious code on Binance’s Smart Chain and dropping it to people via smart contracts.

This tactic makes the malware campaign infinitely more resilient and tougher to take down, with the researchers who found it - Guardio Labs - describing it as the “next level of bulletproof hosting”.

Binance is one of the world’s most popular cryptocurrency exchanges, and has its own blockchain, called the Binance Smart Chain, which is essentially a competitor to Ethereum - a world computer that can be used to create and host decentralized apps (dApps). It also has lower fees and faster transaction times compared to Ethereum (because of, among other things, Ethereum being arguably more popular and more used). Smart contracts are programs stored on the blockchain that run when certain conditions are met.

Blockchains and smart contracts

First, the hackers' campaign, dubbed EtherHiding, finds a vulnerable WordPress site. It may have an easy-to-guess password or a flawed and outdated add-on through which they obtain access. Then, they create an overlay on that website, warning the visitors that their browser is outdated and that a patch is necessary in order to view the contents of the site. They also add an obfuscated JavaScript code that creates a smart contract and queries the Binance Smart Chain.

If the victim clicks on the download button, the script runs, creates the smart contract and fetches a malicious script hosted on the blockchain. 

“This is what we see here in this attack — malicious code is hosted and served in a manner that can’t be blocked,” the researchers explain. “Unlike hosting it on a Cloudflare Worker service as was mitigated on the earlier variant. Truly, it is a double-edged sword in decentralized tech.”

Ultimately, the victims will install an infostealer on their endpoints, be it Amadey, Lumma, or RedLine.

Unfortunately, there’s very little anyone can do about it, other than just flag the associated Binance Smart Chain addresses and contracts as malicious and used in a phishing campaign. 

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A white padlock on a dark digital background.
Developers targeted by malicious Microsoft VSCode extensions
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
Trojan
Hackers hide malware into website images to go unnoticed
Ethereum
Hackers steal over $1bn in one of the biggest crypto thefts ever
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet
Image depicting a hand on a scanner
New Lazarus Group campaign sees North Korean hackers spreading undetectable malware through GitHub and open source packages
Latest in Security
A computer file surrounded by red laser beams
Free online file converters could infect your PC with malware, FBI warns
Close up of a person touching an email icon.
Criminals are using CSS to get around filters and track email usage
DeepSeek on a mobile phone
More US government departments ban controversial AI model DeepSeek
Ransomware
Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Trojan
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
NordProtect logo
Standalone identity theft protection from Nord Security is now available
Latest in News
Volvo Gaussian Splatting
Volvo is using AI-generated worlds to make its cars safer and it’s all thanks to something called Gaussian splatting
Perplexity Squid Game Ad
New ad declares Squid Game's real winner is Perplexity AI
Pedro Pascal in Apple's Someday ad promoting the AirPods 4 with Active Noise Cancellation.
Pedro Pascal cures his heartbreak thanks to AirPods 4 (and the power of dance) in this new ad
Frank Grimes confronts Homer Simpson in The Simpsons' Homer's Enemy episode
Disney+ adds a new continuous Simpsons stream, so you no longer have to spend ages choosing an episode
Helly and Mark standing on an artificial hill surrounded by goats in Severance season 2 episode 3
New Apple teaser for Severance season 2 finale suggests we might finally find out what Lumon is doing with those goats, and I don't think it's anything good
Nvidia GR00T N1 humanoid robot
Nvidia is dreaming of trillion-dollar datacentres with millions of GPUs and I can't wait to live in the Omniverse