XRP, other crypto assets targeted in EtherHiding attack


Crypto.News, 2025/10/17 16:00
By Vignesh Karunanidhi. Edited by Anthony Patrick.

North Korean threat actors have adopted a blockchain-based technique called EtherHiding to deliver malware designed to steal cryptocurrency including XRP.

Summary
  • Hackers embed malicious code in smart contracts to steal XRP and other crypto.
  • EtherHiding evades takedowns by hosting malware on decentralized blockchains.
  • Fake recruiters trick developers into installing malware during job interviews.

According to Google’s Threat Intelligence Group, this is the first time GTIG has observed a nation-state actor using this method.

The method embeds malicious JavaScript payloads inside blockchain smart contracts to create resilient command-and-control servers.

The EtherHiding technique targets developers in cryptocurrency and technology sectors through social engineering campaigns tracked as “Contagious Interview.”

The campaign has led to numerous cryptocurrency heists affecting XRP (XRP) holders and users of other digital assets.

Blockchain-based attack infrastructure evades detection

EtherHiding stores malicious code on decentralized, permissionless blockchains, removing the central servers that law enforcement or cybersecurity firms can take down.

Attackers controlling smart contracts can update malicious payloads at any time and maintain persistent access to compromised systems.

Security researchers can tag contracts as malicious on blockchain scanners like BscScan, but malicious activity continues regardless of these warnings.

Google’s report describes EtherHiding as a “shift towards next-generation bulletproof hosting” where blockchain technology features enable malicious purposes.

When users interact with compromised sites, the code activates to steal XRP, other cryptocurrencies, and sensitive data.

The compromised websites communicate with blockchain networks using read-only functions that avoid creating ledger transactions. This minimizes detection and transaction fees.
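Because read-only queries leave no ledger entry, the place a defender can see them is outbound web traffic. The following is an added example, not code from the article or from Google's report: it scans proxy records for read-only JSON-RPC calls made by pages that have no reason to query a blockchain node. The record fields, the origin allowlist, the hostnames and the contract address are all constructed assumptions.

```python
import json

# JSON-RPC methods that read chain state without creating a transaction.
READ_ONLY = {"eth_call", "eth_getStorageAt", "eth_getCode"}
# Assumption: page origins expected to query a blockchain node.
ALLOWED_ORIGINS = {"https://wallet.example.com"}
CONTRACT = "0x" + "ab" * 20  # constructed placeholder address

def _body(method, params):
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params})

# Constructed proxy records (not real traffic): page origin, destination, POST body.
SAMPLE_LOG = [
    {"origin": "https://wallet.example.com", "dest": "rpc.example.net",
     "body": _body("eth_call", [{"to": CONTRACT, "data": "0x"}, "latest"])},
    {"origin": "https://blog.example.org", "dest": "rpc.example.net",
     "body": _body("eth_call", [{"to": CONTRACT, "data": "0x"}, "latest"])},
    {"origin": "https://blog.example.org", "dest": "rpc.example.net",  # batched request
     "body": "[" + _body("eth_getStorageAt", [CONTRACT, "0x0", "latest"]) + "]"},
    {"origin": "https://shop.example.org", "dest": "api.example.net", "body": "not json"},
    {"origin": "https://shop.example.org", "dest": "rpc.example.net",
     "body": _body("eth_sendRawTransaction", ["0x00"])},  # writes to the ledger
]

def rpc_calls(body):
    """Return the JSON-RPC call objects in a request body (single or batched)."""
    try:
        parsed = json.loads(body)
    except ValueError:
        return []
    items = parsed if isinstance(parsed, list) else [parsed]
    return [i for i in items if isinstance(i, dict) and isinstance(i.get("method"), str)]

def target_of(call):
    """Contract address the call reads from, if the params carry one."""
    params = call.get("params")
    if not isinstance(params, list) or not params:
        return None
    first = params[0]
    if isinstance(first, dict):
        return first.get("to")
    return first if isinstance(first, str) else None

def find_suspicious(records):
    """Read-only chain queries issued by pages outside the allowlist."""
    return [(r["origin"], r["dest"], c["method"], target_of(c))
            for r in records if r["origin"] not in ALLOWED_ORIGINS
            for c in rpc_calls(r["body"]) if c["method"] in READ_ONLY]
```

On the constructed records, `find_suspicious(SAMPLE_LOG)` returns the two reads issued from the blog origin and ignores the allowlisted wallet page, the non-JSON request and the transaction submission.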

Sophisticated social engineering

The Contagious Interview campaign centers on social engineering tactics that mimic legitimate recruitment processes through fake recruiters and fabricated companies.

Fake recruiters lure candidates onto platforms like Telegram or Discord, then deliver malware through deceptive coding tests or fake software downloads disguised as technical assessments.

The campaign employs multi-stage malware infection, including JADESNOW, BEAVERTAIL, and INVISIBLEFERRET variants affecting Windows, macOS, and Linux systems.

Victims believe they’re participating in legitimate job interviews while unknowingly downloading malware designed to gain persistent access to corporate networks and steal cryptocurrency holdings.
