The **Google Threat Analysis Group** has discovered a **new method** being utilized by hackers with suspected ties to North Korea.
This technique involves **concealing malicious software within the code of smart contracts residing on open blockchain networks**. This strategy, dubbed **”EtherHiding,”** has been observed since 2023.
The attacks often commence with fraudulent job postings or invitations to interviews targeting developers specializing in software and cryptocurrencies. Upon initial contact, the perpetrators move the communication to platforms like Discord or Telegram to cultivate trust and progress the scam.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe – We publish new crypto explainer videos every week!
<p class="dyk-video-title">How to Track Cryptocurrencies? (3 BEST Tracking Platforms Revealed)</p>
<img loading="lazy" class="yt-thumbnail" width="100%" height="100%" alt="How to Track Cryptocurrencies? (3 BEST Tracking Platforms Revealed)" title="How to Track Cryptocurrencies? (3 BEST Tracking Platforms Revealed)"/>
<img loading="lazy" class="play-button" width="100%" height="100%" src="https://assets.bitdegree.org/crypto/assets/video-button.png?tr=w-85" alt="How to Track Cryptocurrencies? (3 BEST Tracking Platforms Revealed)" title="How to Track Cryptocurrencies? (3 BEST Tracking Platforms Revealed)"/>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p>The attackers further **compromise legitimate websites by injecting a small piece of code**. This script establishes a connection to a smart contract on a blockchain, which contains an additional layer of malicious code.</p><p>Hackers use a "read-only" function to retrieve the code from the blockchain, preventing the creation of traceable transaction records.</p><p>In the subsequent stage, victims are instructed to perform a technical task, frequently involving **downloading files from public code repositories like GitHub**. These files are rigged with the malware necessary to initiate the attack.</p><p><iframe loading="lazy" class="twitter-embed" src="https://platform.x.com/embed/Tweet.html?frame=false&hideCard=false&hideThread=false&id=1979283778225725590&lang=en&theme=light&width=550px" title="Twitter Tweet Embed" width="550px" rel="noindex nofollow" scrolling="no"> </p><p>In certain instances, victims are deceived during video calls by displaying a fake system error. They are then directed to install a "patch" purportedly to resolve the problem, which actually installs the harmful code.</p><p>Upon installation of the initial malware, it **deploys a secondary tool, known as JADESNOW**, designed to harvest sensitive data, including cryptocurrency wallet details.</p><p>Recently, deceptive ads were found within the official Monad Telegram channel prior to its upcoming token distribution. Read the full story on what co-founder Keone Hon stated. <a href="https://www.bitdegree.org/crypto/news/monad-warns-of-fake-claim-ads-in-telegram-official-channel"><strong>Read more here</strong></a>.</p>
</div>
<hr class="article-end"/>
</div>