What is EtherHiding? Google flags malware with crypto-stealing code in smart contracts
North Korean hackers have adopted a method of deploying malware designed to steal crypto and sensitive information by embedding malicious code into smart contracts on public blockchain networks, according to Google’s Threat Intelligence Group.
The technique, called “EtherHiding,” emerged in 2023 and is typically used in conjunction with social engineering techniques, such as reaching out to victims with fake employment offers and high-profile interviews that direct users to malicious websites or links, according to Google.
Hackers will take control of a legitimate website and embed JavaScript code, known as a Loader Script, into it. Once the user interacts with the compromised site, that script triggers a separate malicious code package held in a smart contract, which is designed to steal funds and data.

The compromised website will communicate with the blockchain network using a “read-only” function that does not actually create a transaction on the ledger, allowing the threat actors to avoid detection and minimize transaction fees, Google researchers said.
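Because the read-only lookup never appears on the ledger, the place a defender can see it is the browser's outbound traffic. The sketch below is an added example, not code from Google's report or this article: it scans web-proxy records for JSON-RPC `eth_call` requests (the standard Ethereum read-only call) sent by pages that are not on an approved list of Web3 apps. The log field names, hosts, allowlist and contract addresses are constructed assumptions.

```python
import json

# Read-only JSON-RPC methods: they query contract state without sending a transaction.
READ_ONLY_METHODS = {"eth_call"}
# Assumption: origins of Web3 apps the organisation has approved.
ALLOWED_ORIGINS = {"https://app.dex.example"}
ADDR_A = "0x" + "0" * 38 + "aa"  # constructed placeholder contract addresses
ADDR_B = "0x" + "0" * 38 + "bb"

def _rpc(method, params):
    """Build a JSON-RPC request body for the constructed sample log."""
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params})

# Constructed proxy records (not real traffic); the field names are assumptions.
SAMPLE_LOG = [
    {"client": "10.0.0.5", "origin": "https://blog.example.com", "dest": "rpc.example.net",
     "body": _rpc("eth_call", [{"to": ADDR_A, "data": "0x12345678" + "00" * 32}, "latest"])},
    {"client": "10.0.0.6", "origin": "https://app.dex.example", "dest": "rpc.example.net",
     "body": _rpc("eth_call", [{"to": ADDR_A, "data": "0x12345678"}, "latest"])},
    {"client": "10.0.0.7", "origin": "https://shop.example.org", "dest": "rpc.example.net",
     "body": "[" + _rpc("eth_blockNumber", []) + ","
             + _rpc("eth_call", [{"to": ADDR_B, "data": "0xabcdef01"}, "latest"]) + "]"},
    {"client": "10.0.0.8", "origin": "https://news.example.com", "dest": "forms.example.net",
     "body": "name=a&email=b"},
]

def rpc_calls(body):
    """Yield JSON-RPC request objects from a body; handles batches and non-JSON bodies."""
    try:
        parsed = json.loads(body)
    except (TypeError, ValueError):
        return
    for item in parsed if isinstance(parsed, list) else [parsed]:
        if isinstance(item, dict) and isinstance(item.get("method"), str):
            yield item

def find_unexpected_chain_reads(records, allowed_origins):
    """Return one finding per read-only chain call made from a non-approved page."""
    findings = []
    for rec in records:
        if rec.get("origin") in allowed_origins:
            continue
        for call in rpc_calls(rec.get("body")):
            if call["method"] not in READ_ONLY_METHODS:
                continue
            params = call.get("params")
            tx = params[0] if isinstance(params, list) and params and isinstance(params[0], dict) else {}
            findings.append({"client": rec.get("client"), "origin": rec.get("origin"),
                             "dest": rec.get("dest"), "contract": tx.get("to"),
                             "selector": str(tx.get("data", ""))[:10]})
    return findings
```

Each finding carries the contract address and 4-byte function selector, which gives an analyst a stable value to pivot on across hosts even if the compromised site changes.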
The report highlights the need for vigilance in the crypto community to keep users safe from scams and hacks commonly employed by threat actors attempting to steal funds and valuable information from individuals and organizations alike.
Know the signs: North Korea social engineering campaign decoded
The threat actors will set up fake companies, recruitment agencies and profiles to target software and cryptocurrency developers with fake employment offers, according to Google.
After the initial pitch, the attackers move the communication to messaging platforms like Discord or Telegram and direct the victim to take an employment test or complete a coding task.
“The core of the attack occurs during a technical assessment phase,” Google Threat Intelligence said. During this phase, the victim is typically told to download malicious files from online code repositories like GitHub, where the malicious payload is stored.
In other instances, the attackers lure the victim into a video call, where a fake error message is displayed to the user, prompting them to download a patch to fix the error. This software patch also contains malicious code.
Once the malicious software is installed on a machine, second-stage JavaScript-based malware called “JADESNOW” is deployed to steal sensitive data.
A third stage is sometimes deployed for high-value targets, allowing the attackers long-term access to a compromised machine and other systems connected to its network, Google warned.