XRP, other crypto assets targeted in EtherHiding attack
North Korean threat actors have adopted a blockchain-based technique called EtherHiding to deliver malware designed to steal cryptocurrency, including XRP.
- Hackers embed malicious code in smart contracts to steal XRP and other crypto.
- EtherHiding evades takedowns by hosting malware on decentralized blockchains.
- Fake recruiters trick developers into installing malware during job interviews.
According to Google’s Threat Intelligence Group (GTIG), this is the first time GTIG has observed a nation-state actor using this method.
The method embeds malicious JavaScript payloads inside blockchain smart contracts to create resilient command-and-control servers.
The EtherHiding technique targets developers in cryptocurrency and technology sectors through social engineering campaigns tracked as “Contagious Interview.”
The campaign has led to numerous cryptocurrency heists affecting XRP holders and users of other digital assets.
Blockchain-based attack infrastructure evades detection
EtherHiding stores malicious code on decentralized, permissionless blockchains, which removes the central servers that law enforcement or cybersecurity firms could otherwise take down.
Attackers controlling smart contracts can update malicious payloads at any time and maintain persistent access to compromised systems.
Security researchers can tag contracts as malicious on blockchain scanners like BscScan, but malicious activity continues regardless of these warnings.
Google’s report describes EtherHiding as a “shift towards next-generation bulletproof hosting” where blockchain technology features enable malicious purposes.
When users interact with compromised sites, the code activates to steal XRP, other cryptocurrencies, and sensitive data.
The compromised websites communicate with blockchain networks using read-only functions that avoid creating ledger transactions. This minimizes detection and transaction fees.
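A defender-side sketch of how the read-only lookups described above can be surfaced in egress logs (an added example, not code from the Google report or this article). It assumes a TLS-inspecting proxy or endpoint sensor that records request bodies; the host names, the allowlist and the sample records are constructed for illustration.

```python
import json

# Standard Ethereum JSON-RPC methods that only read chain state
# and therefore create no ledger transaction.
READ_ONLY_METHODS = {"eth_call", "eth_getStorageAt", "eth_getCode"}

# Hypothetical allowlist: hosts that are expected to query blockchain nodes.
EXPECTED_RPC_CLIENTS = {"wallet-svc-01"}

# Constructed sample records, shaped like proxy log entries with bodies.
SAMPLE_LOG = [
    {"src_host": "dev-laptop-17", "dest": "rpc.example.invalid",
     "body": '{"jsonrpc":"2.0","id":1,"method":"eth_call",'
             '"params":[{"to":"0x<contract>","data":"0x<selector>"},"latest"]}'},
    {"src_host": "wallet-svc-01", "dest": "rpc.example.invalid",
     "body": '{"jsonrpc":"2.0","id":7,"method":"eth_call","params":[]}'},
    {"src_host": "dev-laptop-22", "dest": "api.example.invalid",
     "body": '{"query":"status"}'},
    {"src_host": "build-agent-03", "dest": "rpc.example.invalid",
     "body": '[{"jsonrpc":"2.0","id":1,"method":"eth_getCode","params":[]},'
             '{"jsonrpc":"2.0","id":2,"method":"eth_call","params":[]}]'},
    {"src_host": "dev-laptop-09", "dest": "cdn.example.invalid",
     "body": "not json"},
]

def rpc_methods(body):
    """Return JSON-RPC 2.0 method names in a body (single or batch request)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []  # missing or non-JSON body: nothing to classify
    calls = doc if isinstance(doc, list) else [doc]
    return [c["method"] for c in calls
            if isinstance(c, dict) and c.get("jsonrpc") == "2.0"
            and isinstance(c.get("method"), str)]

def find_unexpected_reads(records, allow=EXPECTED_RPC_CLIENTS):
    """Flag read-only chain queries from hosts with no reason to make them."""
    alerts = []
    for rec in records:
        if rec["src_host"] in allow:
            continue
        hits = sorted(set(rpc_methods(rec.get("body"))) & READ_ONLY_METHODS)
        if hits:
            alerts.append((rec["src_host"], rec["dest"], hits))
    return alerts

if __name__ == "__main__":
    for alert in find_unexpected_reads(SAMPLE_LOG):
        print(alert)
```

Because these calls leave no on-chain record, the network or endpoint view is where they become visible; the allowlist keeps legitimate wallet or node traffic from drowning out the signal.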
Sophisticated social engineering
The Contagious Interview campaign centers on social engineering tactics that mimic legitimate recruitment processes through fake recruiters and fabricated companies.
Fake recruiters lure candidates onto platforms like Telegram or Discord, then deliver malware through deceptive coding tests or fake software downloads disguised as technical assessments.
The campaign employs multi-stage malware infection, including JADESNOW, BEAVERTAIL, and INVISIBLEFERRET variants affecting Windows, macOS, and Linux systems.
Victims believe they’re participating in legitimate job interviews while unknowingly downloading malware designed to gain persistent access to corporate networks and steal cryptocurrency holdings.
