An analysis of a novel method found in the wild abusing Binance Smart Contract Blockchain to freely host malicious code.

Guardio's platform is a resource for cybersecurity professionals and internet users, offering insights into online security threats, malware protection, and data privacy. Through articles, security alerts, and educational resources, Guardio offers insights into common cybersecurity risks, security best practices, and digital hygiene habits. Readers can learn about protecting their devices from malware, securing their online accounts, and staying safe while browsing the internet to mitigate cyber threats and safeguard their personal information.

Guardio

A new malware campaign called ClearFake is utilizing Binance's Smart Chain contracts to distribute malicious code. The attackers exploit compromised WordPress sites to inject concealed JavaScript code that retrieves a second-stage payload from Binance-controlled servers. The malware can modify the infection process remotely, making it difficult to detect and take down. The malicious code is hosted on the blockchain, making it decentralized and impervious to traditional shutdown methods. The use of smart contracts on platforms like BSC presents new challenges in fighting malicious campaigns. It is crucial to keep WordPress sites and plugins updated to mitigate these threats.

“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts

The Evolving Fake Browser Update Campaign

The Malicious Smart Contract — Analyzed

Deploying Malicious Code From The BlockChain (For Free!)

“EtherHiding”- Even More Threatning Possibilities