What is EtherHiding? Google flags malware with crypto-stealing code in smart contracts
“EtherHiding” deploys in two phases by compromising a website, which then communicates with malicious code embedded in a smart contract.
North Korean hackers have adopted a method of deploying malware designed to steal crypto and sensitive information by embedding malicious code into smart contracts on public blockchain networks, according to Google’s Threat Intelligence Group.
The technique, called “EtherHiding,” emerged in 2023 and is typically used in conjunction with social engineering techniques, such as reaching out to victims with fake employment offers and high-profile interviews, directing users to malicious websites or links, according to Google.
Hackers will take control of a legitimate website address through a Loader Script and embed JavaScript code into the website, triggering a separate malicious code package in a smart contract designed to steal funds and data once the user interacts with the compromised site.