North Korean hackers found hiding crypto-stealing malware with Blockchain

North Korean state-sponsored threat actors are now using public blockchains to host malicious code and deploy malware on target endpoints…I am bemused that its state sponsored…

This is according to Google’s Threat Intelligence Group (GTIG), who said they observed UNC5342 using Ethereum and BNB to host droppers and ultimately deploy cryptocurrency-stealing malware against software and blockchain developers.

The technique is called EtherHiding. Instead of sending a malicious file directly to the victim (or otherwise tricking them into downloading it), they encode parts of the malware into blockchain transactions and smart contracts.