DeadLock is a ransomware operation that exploits Polygon blockchain smart contracts to manage proxy server addresses, showcasing a novel and resilient command-and-control technique. Its use of decentralized blockchain technology presents new challenges for cybersecurity defenses and indicates a potential trend in blockchain abuse by cybercriminals.
Key points
- DeadLock first appeared in July 2025 and has maintained a low profile but demonstrates innovative infrastructure management.
- The malware retrieves proxy addresses from Polygon smart contracts to manipulate communication channels securely and covertly.
- Its blockchain-based approach complicates traditional blocking methods due to read-only smart contract calls that do not incur network fees.
- DeadLock employs remote management tools like AnyDesk and PowerShell scripts to enhance the impact of its encryption.
- The use of decentralized platforms for command-and-control signals indicates a growing trend that challenges current detection strategies.
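One detection angle for the read-only contract lookups described above is to flag JSON-RPC `eth_call` requests from hosts that have no business querying a blockchain node. The Python below is an added example, not code from the article or from any DeadLock analysis. The log format, host names, RPC hostname and contract address are constructed placeholders, and it assumes request bodies are visible to the defender (TLS inspection or endpoint telemetry).

```python
import json
from collections import defaultdict

def readonly_contract_lookups(log_lines, expected_hosts=frozenset()):
    """Return {src_host: {contract_address: count}} for eth_call requests
    sent by hosts not expected to talk to a blockchain RPC node."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        try:
            record = json.loads(line)
            payload = json.loads(record["body"])
        except (ValueError, KeyError, TypeError):
            continue  # truncated line, or body missing / not JSON
        src = str(record.get("src"))
        if src in expected_hosts:
            continue  # e.g. developer or wallet hosts (hypothetical allowlist)
        # JSON-RPC permits batching, so treat a single call as a batch of one.
        calls = payload if isinstance(payload, list) else [payload]
        for call in calls:
            if not isinstance(call, dict) or call.get("method") != "eth_call":
                continue  # only read-only contract calls are of interest here
            params = call.get("params")
            first = params[0] if isinstance(params, list) and params else None
            target = first.get("to") if isinstance(first, dict) else None
            if isinstance(target, str):
                hits[src][target.lower()] += 1
    return {host: dict(contracts) for host, contracts in hits.items()}

# --- Constructed sample data (not real indicators) ---
CONTRACT = "0x" + "ab" * 20  # placeholder contract address

def _call(to):
    return {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
            "params": [{"to": to, "data": "0x00000000"}, "latest"]}

def _line(src, body):
    return json.dumps({"src": src, "dst": "rpc.example.net", "body": body})

SAMPLE_LOG = [
    _line("ws-014", json.dumps(_call(CONTRACT))),
    _line("ws-014", json.dumps([_call(CONTRACT),
          {"jsonrpc": "2.0", "id": 2, "method": "eth_blockNumber", "params": []}])),
    _line("dev-wallet-01", json.dumps(_call(CONTRACT))),
    _line("ws-022", "<html>not json</html>"),
    "truncated log line",
]

if __name__ == "__main__":
    print(readonly_contract_lookups(SAMPLE_LOG, {"dev-wallet-01"}))
```

Matching on the request body rather than the destination hostname means the check still works if the caller switches to a different public RPC endpoint.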
Read More: https://www.infosecurity-magazine.com/news/deadlock-polygon-smart-contracts/