
Crypto Hack News: North Korean Hackers Exploit EtherHiding for Crypto Thefts

North Korean hackers are deploying new malware that uses EtherHiding to steal cryptocurrency without detection, a development that signals the dawn of blockchain-based cyberattacks.

According to cybersecurity teams, UNC5342, a state-sponsored group, is the first nation-state actor to use EtherHiding for malware attacks and crypto theft.

According to the Google Threat Intelligence Group (GTIG), as reported by The Hacker News, this method embeds malicious code in smart contracts on blockchains such as Ethereum and BNB Smart Chain (BSC).

By turning the blockchain into a decentralized “dead drop”, the attackers make takedowns cumbersome and obscure where the attack originated.

It also lets attackers update the malware stored in the smart contract at will, giving them dynamic control for the low cost of a gas fee.

Sneaky Social Engineering Targets Developers via LinkedIn

UNC5342's activity, dubbed the “Contagious Interview” hacking campaign, is a sophisticated social engineering campaign.

Attackers create LinkedIn profiles that imitate recruiters and lure their targets to Telegram or Discord channels. There, they persuade the victims to run malicious code disguised as job tests.

The ultimate objective is to gain unauthorized access to developers’ devices, steal sensitive information, and seize crypto assets. These actions align with North Korea’s dual goals of cyber espionage and financial gain.

Complex Multi-Stage Malware Chain

The infection chain targets Windows, macOS, and Linux. It starts with a JavaScript downloader disguised as an npm package.

Subsequent stages are BeaverTail, which is used to steal cryptocurrency wallets, and JADESNOW, which can interact with Ethereum smart contracts to download InvisibleFerret.  

InvisibleFerret, a JavaScript version of a Python backdoor, allows long-term data stealing and remote management of infected computers.  

The malware also installs a portable Python interpreter to run additional credential stealers associated with Ethereum addresses.
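For defenders, the stage where a script reads its next payload from a smart contract is a detection point. The following is an added example, not code from the article or from GTIG: it flags JavaScript or Python runtimes that issue read-only JSON-RPC calls to a blockchain node. The event fields, the watched method list and the `.example` hostnames are assumptions made for illustration.

```python
import json

# Read-only Ethereum/BSC JSON-RPC methods that can pull data stored on-chain.
# Which methods to watch is an assumption of this example, not a list from the article.
READ_METHODS = {"eth_call", "eth_getStorageAt", "eth_getTransactionByHash", "eth_getLogs"}
# Interpreters the article's chain runs in (JavaScript downloader, portable Python).
SCRIPT_RUNTIMES = {"node", "node.exe", "python", "python3", "python.exe"}

def rpc_methods(body):
    """Return JSON-RPC method names in a request body (single or batch)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []  # not JSON: ordinary traffic, nothing to report
    calls = doc if isinstance(doc, list) else [doc]
    return [c["method"] for c in calls
            if isinstance(c, dict) and isinstance(c.get("method"), str)]

def flag_contract_reads(events):
    """Flag hosts where a script runtime reads on-chain data over JSON-RPC."""
    alerts = []
    for ev in events:
        if ev["process"].lower() not in SCRIPT_RUNTIMES:
            continue  # browsers and wallet apps are out of scope here
        hits = sorted(READ_METHODS.intersection(rpc_methods(ev["body"])))
        if hits:
            alerts.append((ev["host"], ev["process"], ev["dest"], hits))
    return alerts

# Constructed sample events (hostnames under .example are placeholders).
SAMPLE = [
    {"host": "dev-01", "process": "node", "dest": "rpc.chain.example",
     "body": '{"jsonrpc":"2.0","id":1,"method":"eth_call","params":[{"to":"0x0","data":"0x"},"latest"]}'},
    {"host": "dev-02", "process": "chrome", "dest": "rpc.chain.example",
     "body": '{"jsonrpc":"2.0","id":1,"method":"eth_call","params":[]}'},
    {"host": "dev-03", "process": "python3", "dest": "rpc.chain.example",
     "body": '[{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber"},{"jsonrpc":"2.0","id":2,"method":"eth_getLogs","params":[{}]}]'},
    {"host": "dev-04", "process": "node", "dest": "registry.example", "body": "not json"},
]

if __name__ == "__main__":
    for alert in flag_contract_reads(SAMPLE):
        print(alert)
```

The check needs request bodies, so it fits endpoint telemetry or a TLS-inspecting proxy. Developers who legitimately build blockchain software will also match and need an allowlist.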

A New Era of Blockchain-Enabled Cyber Threats

Cybersecurity researchers say this is a serious escalation in cyber threats. Law enforcement takedowns are hampered by the “bulletproof” nature of the hosting layer, which is based on blockchain technology.

According to Google’s security team, the attackers’ use of multiple blockchains in EtherHiding is significant. It shows how cybercriminals adapt by exploiting emerging technologies for their benefit.

The findings show that state-backed actors are exploiting decentralized technologies for crypto theft and espionage. This marks a troubling evolution in global cyber threats.

The post Crypto Hack News: North Korean Hackers Exploit EtherHiding for Crypto Thefts appeared first on Live Bitcoin News.
