{"id":13708,"date":"2025-10-18T17:01:09","date_gmt":"2025-10-18T17:01:09","guid":{"rendered":"https:\/\/bitunikey.com\/news\/xrp-other-crypto-assets-targeted-in-etherhiding-attack\/"},"modified":"2025-10-18T17:01:16","modified_gmt":"2025-10-18T17:01:16","slug":"xrp-other-crypto-assets-targeted-in-etherhiding-attack","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/xrp-other-crypto-assets-targeted-in-etherhiding-attack\/","title":{"rendered":"XRP, other crypto assets targeted in EtherHiding attack"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">North Korean threat actors have adopted a blockchain-based technique called EtherHiding to deliver malware designed to steal cryptocurrency including XRP.<\/p>\n<div id=\"cn-block-summary-block_a306529f505c45222be2792d68c0517d\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Hackers embed malicious code in smart contracts to steal XRP and other crypto.<\/li>\n<li>EtherHiding evades takedowns by hosting malware on decentralized blockchains.<\/li>\n<li>Fake recruiters trick developers into installing malware during job interviews.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>According to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.infosecurity-magazine.com\/news\/nk-hackers-etherhiding-steal-crypto\/\" target=\"_blank\" rel=\"nofollow\">Google\u2019s Threat Intelligence Group<\/a>, this is the first time GTIG has observed a nation-state actor using this method.<\/p>\n<p>The method embeds malicious JavaScript payloads inside blockchain smart contracts to create resilient command-and-control servers.<\/p>\n<p>The EtherHiding technique targets developers in cryptocurrency and technology sectors through social engineering campaigns 
tracked as \u201cContagious Interview.\u201d<\/p>\n<p>The campaign has led to numerous cryptocurrency heists affecting XRP (XRP) holders and users of other digital assets.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h3 class=\"wp-block-heading\">Blockchain-based attack infrastructure evades detection<\/h3>\n<p>EtherHiding stores malicious code on decentralized and permissionless blockchains and removes central servers that law enforcement or cybersecurity firms can take down.<\/p>\n<p>Attackers controlling smart contracts can update malicious payloads at any time and maintain persistent access to compromised systems.<\/p>\n<p>Security researchers can tag contracts as malicious on blockchain scanners like BscScan, but malicious activity continues regardless of these warnings.<\/p>\n<p>Google\u2019s report describes EtherHiding as a \u201cshift towards next-generation bulletproof hosting\u201d where blockchain technology features enable malicious purposes.<\/p>\n<p>When users interact with compromised sites, the code activates to steal XRP, other cryptocurrencies, and sensitive data.<\/p>\n<p>The compromised websites communicate with blockchain networks using read-only functions that avoid creating ledger transactions. 
This minimizes detection and transaction fees.<\/p>\n<h3 class=\"wp-block-heading\">Sophisticated social engineering<\/h3>\n<p>The Contagious Interview campaign centers on social engineering tactics that mimic legitimate recruitment processes through fake recruiters and fabricated companies.<\/p>\n<p>Fake recruiters lure candidates onto platforms like Telegram or Discord, then deliver malware through deceptive coding tests or fake software downloads disguised as technical assessments.<\/p>\n<p>The campaign employs multi-stage malware infection, including JADESNOW, BEAVERTAIL, and INVISIBLEFERRET variants affecting Windows, macOS, and Linux systems.<\/p>\n<p>Victims believe they\u2019re participating in legitimate job interviews while unknowingly downloading malware designed to gain persistent access to corporate networks and steal cryptocurrency holdings.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>North Korean threat actors have adopted a blockchain-based technique called EtherHiding to deliver malware designed to steal cryptocurrency including XRP. 
Summary Hackers embed malicious code in smart contracts to steal&hellip;<\/p>\n","protected":false},"author":1,"featured_media":11665,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-13708","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/13708","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=13708"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/13708\/revisions"}],"predecessor-version":[{"id":13709,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/13708\/revisions\/13709"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/11665"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=13708"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=13708"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=13708"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}