#NorthKorea|n #hackers, tracked as #UNC5342, are using the #EtherHiding technique to hide #malware on the #blockchain. This technique, first described by Guardio Labs, allows the threat actor to host #maliciousscripts within #smartcontracts on the Binance Smart Chain or Ethereum, making it…
DPRK actor UNC5342 stores JavaScript payloads in smart contracts (Ethereum, BNB Smart Chain); loader retrieves via eth_call and delivers JADESNOW / INVISIBLEFERRET, enabling crypto theft and resilient C2. #EtherHiding #UNC5342 #JADESNOW https://bit.ly/4qlCSfY
"DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains" published by Google. #EtherHiding, #JADESNOW, #UNC5342, #DPRK, #CTI cloud.google.com/blog/topics/threat-intel...
