This article discusses the use of low-cost smart contracts on blockchains like Ethereum and BNB for deploying staged malware campaigns. It highlights North Korean threat actors UNC5342 and UNC5142 targeting cryptocurrency developers through social engineering and leveraging blockchain flexibility for malicious activities. #UNC5342 #EtherHiding
Keypoints
- Creating or modifying smart contracts costs less than $2 per transaction, enabling efficient malware deployment.
- Cybercriminals conduct social-engineering campaigns, like fake job recruitments, to lure targeted developers.
- Malware infections are staged and rely on smart contracts stored on Ethereum and BNB Smart Chain blockchains.
- North Korean group UNC5342 uses malware JadeSnow to retrieve payloads from blockchain-based nodes.
- Cyber actors exploit blockchain’s flexibility to update attack chains and evade detection, with North Korea stealing over $2 billion in cryptocurrency in 2025.