XRP, other crypto assets targeted in EtherHiding attack
North Korean threat actors have adopted a blockchain-based technique called EtherHiding to deliver malware designed to steal cryptocurrency including XRP.
- Hackers embed malicious code in smart contracts to steal XRP and other crypto.
- EtherHiding evades takedowns by hosting malware on decentralized blockchains.
- Fake recruiters trick developers into installing malware during job interviews.
According to Google’s Threat Intelligence Group, this is the first time GTIG has observed a nation-state actor using this method.
The method embeds malicious JavaScript payloads inside blockchain smart contracts to create resilient command-and-control servers.
The EtherHiding technique targets developers in cryptocurrency and technology sectors through social engineering campaigns tracked as “Contagious Interview.”
The campaign has led to numerous cryptocurrency heists affecting XRP holders and users of other digital assets.
Blockchain-based attack infrastructure evades detection
EtherHiding stores malicious code on decentralized, permissionless blockchains, which removes the central servers that law enforcement or cybersecurity firms could take down.
Attackers controlling smart contracts can update malicious payloads at any time and maintain persistent access to compromised systems.
Security researchers can tag contracts as malicious on blockchain scanners like BscScan, but malicious activity continues regardless of these warnings.
Google’s report describes EtherHiding as a “shift towards next-generation bulletproof hosting” where blockchain technology features enable malicious purposes.
When users interact with compromised sites, the code activates to steal XRP, other cryptocurrencies, and sensitive data.
The compromised websites communicate with blockchain networks using read-only functions that avoid creating ledger transactions. This minimizes detection and transaction fees.
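For defenders, the read-only lookups described above still leave a trace at the network edge: they are JSON-RPC `eth_call` requests sent to a blockchain node. The following is an added detection sketch, not code from the article or from Google's report; the log field names, hosts, contract addresses and the approved-origin list are constructed assumptions.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

def rpc(method, to=None):  # build a JSON-RPC request body as a proxy would log it
    params = [{"to": to, "data": "0x"}, "latest"] if to else []
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params})

WALLET_CONTRACT = "0x" + "aa" * 20   # constructed placeholder address
UNKNOWN_CONTRACT = "0x" + "bb" * 20  # constructed placeholder address
APPROVED_ORIGINS = {"https://wallet.example"}  # origins expected to read chain state
SAMPLE_RECORDS = [  # constructed proxy records; field names and hosts are assumptions
    {"src": "10.0.4.17", "referer": "https://wallet.example/app",
     "body": rpc("eth_call", WALLET_CONTRACT)},
    {"src": "10.0.4.17", "referer": "https://blog.example/post/1",
     "body": rpc("eth_call", UNKNOWN_CONTRACT)},
    {"src": "10.0.4.22", "referer": "https://blog.example/",  # JSON-RPC batch request
     "body": "[" + rpc("eth_chainId") + "," + rpc("eth_call", UNKNOWN_CONTRACT) + "]"},
    {"src": "10.0.9.5", "referer": None, "body": rpc("eth_call", UNKNOWN_CONTRACT)},
    {"src": "10.0.4.31", "referer": "https://shop.example/", "body": "not json"},
]

def find_unexpected_contract_reads(records, approved_origins):
    """Group eth_call reads from unapproved origins by target contract."""
    hits = defaultdict(lambda: {"origins": set(), "sources": set(), "calls": 0})
    for rec in records:
        try:
            body = json.loads(rec["body"])
        except (KeyError, TypeError, ValueError):
            continue  # body missing or not JSON, so not a JSON-RPC request
        ref = urlsplit(rec.get("referer") or "")
        origin = f"{ref.scheme}://{ref.netloc}" if ref.netloc else "(none)"
        if origin in approved_origins:
            continue
        for call in body if isinstance(body, list) else [body]:  # batches are lists
            if not isinstance(call, dict) or call.get("method") != "eth_call":
                continue
            params = call.get("params")
            first = params[0] if isinstance(params, list) and params else None
            to = str(first.get("to") or "(unknown)").lower() if isinstance(first, dict) else "(unknown)"
            hit = hits[to]
            hit["origins"].add(origin)
            hit["sources"].add(rec.get("src"))
            hit["calls"] += 1
    return dict(hits)

if __name__ == "__main__":
    print(find_unexpected_contract_reads(SAMPLE_RECORDS, APPROVED_ORIGINS))
```

Grouping by contract address gives a pivot for triage: one contract read from several unrelated origins, or from a request with no browser referer, is worth a closer look than a wallet application reading its own contract.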
Sophisticated social engineering
The Contagious Interview campaign centers on social engineering tactics that mimic legitimate recruitment processes through fake recruiters and fabricated companies.
Fake recruiters lure candidates onto platforms like Telegram or Discord, then deliver malware through deceptive coding tests or fake software downloads disguised as technical assessments.
The campaign employs multi-stage malware infection, including JADESNOW, BEAVERTAIL, and INVISIBLEFERRET variants affecting Windows, macOS, and Linux systems.
Victims believe they’re participating in legitimate job interviews while unknowingly downloading malware designed to gain persistent access to corporate networks and steal cryptocurrency holdings.