← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts
WHITE AlienVault 2023-10-16 Modified: 2023-11-15
51
IOCs
HIGH VOLUME
“EtherHiding” presents a novel twist on serving malicious code by utilizing Binance’s Smart Chain contracts to host parts of a malicious code chain in what is the next level of Bullet-Proof Hosting. Over the last two months, leveraging a vast array of hijacked WordPress sites, this threat actor has misled users into downloading malicious fake “browser updates”.
etherhidingclearfakebinance smart chainbsc blockchain
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
ClearFake
Indicators of Compromise (4 / 51 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 5225371f32a1ba8a5daa8f14ce64e8bf MD5 of 1743f4a392b6d2ad0d47a7a57e277e1a29ecf459275b604919a6131739afdaad 2023-10-16
FileHash-MD5 a3fec32282873b302adaeef78c085aee MD5 of 8ba53b5d773bc157df65fb0941c24e1edbc7c7b47e37b3f7a01751fc3b1a701a 2023-10-16
FileHash-MD5 a655b9c347ce862da682883508be4880 MD5 of 3d77b34ba6dbb49d594e2be590a87f682e1875d2565ff18bdeafc66c9d5594ea 2023-10-16
FileHash-MD5 f1c9c05e648e58b6bef8dada7654a88e MD5 of 1a99ac759fcd881729b76c2904476b4201e794df2d0547c954ea37be7c153131 2023-10-16
References (1)
↗ https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16