1. Forum
  2. tqwNet
  3. TQW GENTECH

  • North Korean hackers found hiding crypto-stealing malware with Bl

    From TechnologyDaily@1337:1/100 to All on Friday, October 17, 2025 17:45:08
    North Korean hackers found hiding crypto-stealing malware with Blockchain

    Date:
    Fri, 17 Oct 2025 16:35:00 +0000

    Description:
    State-sponsored actors are using Ethereum and BNB to host malware and steal people's money.

    FULL STORY ======================================================================UNC5342 uses blockchain smart contracts to deliver crypto-stealing malware via EtherHiding Fake jobs and coding challenges lure developers into triggering the JadeSnow loader and backdoor Blockchains immutability makes malware hosting resilient

    North Korean state-sponsored threat actors are now using public blockchains
    to host malicious code and deploy malware on target endpoints.

    This is according to Googles Threat Intelligence Group (GTIG) , who said they observed UNC5342 using Ethereum and BNB to host droppers and ultimately
    deploy cryptocurrency-stealing malware against software and blockchain developers.

    The technique is called EtherHiding. Instead of sending a malicious file directly to the victim (or otherwise tricking them into downloading it), they encode parts of the malware into blockchain transactions and smart contracts. Evolution of bulletproof hosting

    The smart contract itself doesnt execute malware automatically on someones computer, but it can deliver instructions or code when a user interacts with it (when they click a link, run a script, or connect a crypto wallet).

    The blockchain is a great place to store and distribute malware since it is public, immutable, and almost impossible to tamper.

    This represents a shift toward next-generation bulletproof hosting, Google said, stressing that the blockchains resilient nature is what makes it so enticing for cybercrooks.

    From February, UNC5342 was observed creating fake jobs and coding challenges
    , tricking developers and others working in the Web3 space to download different files. These files connect to the blockchain and retrieve the code which, in turn, installs the JadeSnow loader. This loader drops the InvisibleFerret backdoor, which was already observed used in cryptocurrency thefts.

    This is not the first time were seeing blockchain being used to deliver malware. The technique has been in use since 2023, and in the same report, Google also mentioned a financially motivated actor UNC5142 using the same technique.

    This group was seen compromising WordPress sites to host malicious JavaScript code that connected to the blockchain. More than 14,000 infected sites were found so far.

    North Korea is known for targeting the crypto industry and using the stolen funds to finance its weapons program and state apparatus.

    Via The Record

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too. You might also like Are they brave or stupid? Malware targeting Russian crypto hackers found Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/north-korean-hackers-found-hiding-crypt o-stealing-malware-with-blockchain


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)