Hackers have been observed hosting malicious code on Binance’s Smart Chain and dropping it to people via smart contracts.
This tactic makes the malware campaign infinitely more resilient and tougher to take down, with the researchers who found it - Guardio Labs - describing it as the “next level of bulletproof hosting”.
Binance is one of the world’s most popular cryptocurrency exchanges, and has its own blockchain, called the Binance Smart Chain, which is essentially a competitor to Ethereum - a world computer that can be used to create and host decentralized apps (dApps). It also has lower fees and faster transaction times compared to Ethereum (because of, among other things, Ethereum being arguably more popular and more used). Smart contracts are programs stored on the blockchain that run when certain conditions are met.
If the victim clicks on the download button, the script runs, creates the smart contract and fetches a malicious script hosted on the blockchain.
“This is what we see here in this attack — malicious code is hosted and served in a manner that can’t be blocked,” the researchers explain. “Unlike hosting it on a Cloudflare Worker service as was mitigated on the earlier variant. Truly, it is a double-edged sword in decentralized tech.”
Ultimately, the victims will install an infostealer on their endpoints, be it Amadey, Lumma, or RedLine.
Unfortunately, there’s very little anyone can do about it, other than just flag the associated Binance Smart Chain addresses and contracts as malicious and used in a phishing campaign.
More from TechRadar Pro
- Security professionals are being overworked - and that's a huge problem
- Here's a list of the best firewalls today
- These are the best identity theft protection tools right now