• Send Us A Tip
  • Calling all Tech Writers
  • Advertise
Sunday, July 12, 2026
  • Login
TechStory
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
TechStory
No Result
View All Result
Home Crypto Blockchain

How Hackers Are Hiding Malware Inside the Blockchain

by Anindya Paul
October 21, 2025
in Blockchain, Crypto
Reading Time: 3 mins read
0
Blockchain

Source: koop360.com

TwitterWhatsappLinkedin

In a clever and hard to see at first but indeed creepy turn of offshore software design for a decentralized financial system (i.e. a tamper-proof way to spend money) is actually going to be an amazing weapon for e-criminals.  Security researchers in Google’s Threat Intelligence Group have detected a new attack vector they are calling “EtherHiding” where hackers have learned to embed malicious destructive code directly into a public blockchain like Ethereum and the BNB Smart Chain.  This method relies on the fact that it can turn the public blockchain in an unkillable “safehouse” for all malware, giving them a secure and sufficiently resilient delivery method which no one normal understanding of law and order can shut down!

You might also like

Federal Prosecutors Prepare to Abandon $722 Million Cryptocurrency Fraud Case Against Alleged Mastermind

The Quiet Revolution: Why Stablecoins Are Becoming More Important Than Bitcoin

The Sunset of Efficiency DOGE Shuts Down Operations Following Scheduled Mandate

A New Breed of ‘Bulletproof’ Hosting

Cybercriminals have long relied on “bulletproof hosting,” or servers in areas with relative law enforcement, as locations that are often hard to shut down. EtherHiding, however, is the next evolution of this concept. Instead of relying on a physical server that can eventually be found and unplugged, attackers are deploying their malware as part of a smart contract.

A smart contract is a compact, self executing program which runs on the blockchain. Once in effect its code is immutable; it cannot be modified or deleted. By inserting their malware in one of these contracts they have created a permanent, decentralised host for their malicious code. There is no single point of failure, no centralised administrator or “off” switch.

The Attack Chain: From Fake Jobs to Malicious Code

Per Google’s report, this isn’t just a theory; it’s in action and being used in real-world advanced campaigns. One group, named UNC5342, who has connections to North Korea, is utilizing EtherHiding as an element of a social engineering campaign called “Contagious Interview.”

Here’s how it works: The attackers pose as recruiters and contact software developers with enticing (but fake) job offers. During the “interview,” the developer is requested to download and execute a file in most cases it’s coding assignment or technical test. This initial file is a downloader, a piece of malware Google calls “JadeSnow.”

Once activated, JadeSnow doesn’t connect to a traditional, suspicious web server. On the contrary, it passes a subtle query to the public blockchain, drawing the actual malware—specifically a backdoor associated with “INVISIBLEFERRET”—from the smart contract. This second-stage payload at this point infects the system, allowing attackers to extract credentials, drain cryptocurrency wallets, and surveille the victim.

Why the Blockchain is the Perfect Hiding Spot

This approach works alarmingly well for several reasons. First, it is incredibly unobtrusive. The malware downloader uses “read-only calls” to retrieve the code. Because such a query does not produce new transactions to the blockchain, it leaves no public record and costs the attacker nothing in “gas fees.”

Second, it’s resilient. Even if a smart contract is identified as malicious, it cannot be removed. Attackers have even designed their contracts to be updatable. While the base code is immutable, they can change the data it points to, allowing them to update their malware or change its target at any time, all for a transaction fee of less than $2.

The State-Sponsored Connection

While financially motivated criminals (like the group UNC5142) have been seen using similar methods, Google notes this is the first time a nation-state actor has adopted the technique. The participation of the UNC5342 group, which is linked to North Korea, is a clear escalation. This effort is linked to a large, state-sponsored effort to financing the regime through cybercrime. Estimates from blockchain analysis companies suggest that efforts will have generated in excess of $2 billion already.

A New Front in the Cybersecurity War

The emergence of EtherHiding poses a significant dilemma for cybersecurity defenders. Standard security solutions are designed to block abusive IPs and domains. They do not scan all of a centralized blockchain for potential malicious code.

While the blockchain itself is decentralized, the attackers still rely on centralized API providers to interact with it. Google has stated it is working with these providers to try and curb the activity. However, this cat-and-mouse game has clearly moved to a new, more complex battlefield. As attackers leverage the tools of the future, security teams are in a race to find new ways to defend against them.    

Tweet54SendShare15
Previous Post

Struggling with Bitcoin’s Price Swings? OAKMining BTC Work for You and Earn Daily 8775USD!

Next Post

ED Seizes Rs 2,385 Crore in Massive OctaFX Ponzi Scheme

Anindya Paul

Professional content creator with strong expertise in content writing, filmmaking and social media strategy. Skilled in digital storytelling, scriptwriting, video production, sound design and graphic design - crafting compelling narratives across platforms. Known for delivering high-quality, engaging content under tight deadlines. A collaborative team player with a sharp creative instinct, adaptability to evolving trends, and a focus on impactful, results-driven communication.

Recommended For You

Federal Prosecutors Prepare to Abandon $722 Million Cryptocurrency Fraud Case Against Alleged Mastermind

by Anindya Paul
July 12, 2026
0
BitClub

The multi-year long legal tussle has reportedly got the Justice department of the US to drop charges against the one deemed responsible for the biggest Ponzi scheme in...

Read more

The Quiet Revolution: Why Stablecoins Are Becoming More Important Than Bitcoin

by Anindya Paul
July 12, 2026
0
Stablecoins

Bitcoin has been the focal point of economic news articles for the past ten years. Originally, Bitcoin was intended to be a decentralized system of peer-to-peer monetary transactions,...

Read more

The Sunset of Efficiency DOGE Shuts Down Operations Following Scheduled Mandate

by Anochie Esther
July 12, 2026
0
DOGE shuts down operations

The ambitious, sweeping, and deeply controversial experiment to violently downsize the American federal bureaucracy from the outside has officially reached its final chapter. Originally conceived as a modern-day...

Read more
Next Post
OctaFX

ED Seizes Rs 2,385 Crore in Massive OctaFX Ponzi Scheme

Please login to join discussion

Techstory

Tech and Business News from around the world. Follow along for latest in the world of Tech, AI, Crypto, EVs, Business Personalities and more.
reach us at info@techstory.in

Advertise With Us

Reach out at - info@techstory.in

Aviator Game India 2026

BROWSE BY TAG

#Crypto #howto 2024 acquisition AI amazon Apple Artificial Intelligence bitcoin Business China cryptocurrency e-commerce electric vehicles Elon Musk Ethereum facebook funding Gaming Google India Instagram Investment ios iPhone IPO Market Markets Meta Microsoft News OpenAI samsung Social Media SpaceX startup startups tech technology Tesla TikTok trend trending twitter US

© 2025 Techstory.in

No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to

© 2025 Techstory.in

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?