A new report by cybersecurity firm Guardio Labs reveals that hackers have found a way to leverage BNB Smart Chain (BSC) smart contracts to conceal malware distribution campaigns. By compromising WordPress sites and injecting code that pulls data from BSC contracts, attackers can effectively use the contracts as anonymous hosting platforms for malicious payloads.
The attack involves hackers updating the code in the contracts to modify the nature of the malware being distributed. Recently, threat actors have utilized fake browser updates on hacked sites, asking victims to “update” using a phishing page link which leads to complete site corruption with malware.
Once deployed, the infected BSC contracts operate autonomously, meaning Binance is limited in its ability to detect and disable them. Instead, the company relies on developer community members to flag suspicious contracts.
This novel attack vector demonstrates how hackers continue to employ new techniques that take advantage of decentralized systems. By frequently modifying the attack methods via blockchain transactions, threat actors make their campaigns more difficult to track and prevent.
The report comes on the heels of a new report showing that the crypto market lost $685 million to fraudulent schemes in Q3 2022. Though this represents a nearly 25% drop compared to 2022, it highlights that threats to the crypto ecosystem continue to evolve. Industry experts recommend best security practices, multi-factor authentication, and caution around unknown links and apps.
#Blockchain #Binance #Hacking #BNB
