According to cybersecurity analysts at 0xScope and CertiK, threat actors are increasingly using BNB Smart Chain contracts instead of Ethereum due to its lower costs and perceived lower security. This comes as a new attack vector called EtherHiding has emerged, where malicious code is hidden in blockchain smart contracts to distribute malware. The attackers compromise WordPress websites and inject code that pulls partial payloads from Binance smart contracts. They then replace the website’s front end with a fake update browser prompt, tricking users into downloading malware disguised as browser updates. The attackers frequently change the malware payloads and update website domains to evade detection. One possible reason for using BNB Smart Chain over Ethereum is the increased security-related scrutiny on Ethereum, which may increase the risk of discovery for hackers. The sophistication of EtherHiding makes it difficult to detect and stop.
