North Korea Experiments with EtherHiding Malware in Blockchains

madmax

North Korean state-backed hackers are testing a new cyberattack technique called EtherHiding, which embeds malicious code directly into blockchain networks.

According to Google’s Threat Intelligence Group (GTIG), the method leverages immutable public ledgers like Ethereum and BNB Smart Chain to host malware, making it extremely difficult to remove or block. Hackers typically exploit WordPress sites, inserting JavaScript loaders that connect to the blockchain and retrieve malware silently.

GTIG traced the first known instance to the CLEARFAKE campaign in September 2023, which tricked users with fake browser updates. Experts warn this could signal a shift from cryptocurrency theft to using blockchain itself as a stealth attack vector.

kelson10

This experiment marks a dangerous evolution of cybercrime blending with decentralized tech.

alex10

Blockchain’s openness can be exploited unless stronger defensive frameworks are implemented.