A North Korean-linked threat group has adopted the EtherHiding technique to spread malware and steal cryptocurrencies, marking a notable escalation in cyberattack methods. This campaign involves sophisticated social engineering and multi-stage malware targeting various operating systems to access sensitive data and digital assets.
Key points
- The threat actor is connected to North Korea and uses EtherHiding on blockchain platforms like Ethereum.
- The campaign, named Contagious Interview, involves social engineering via LinkedIn, Telegram, and Discord to infect targets.
- EtherHiding embeds malicious code within smart contracts, making it resistant to takedown and hard to trace.
- The malware chain includes npm packages, BeaverTail JavaScript stealer, JADESNOW downloader, and InvisibleFerret backdoor.
- This development signals an evolution in threat tactics, leveraging blockchain technology for stealthy, flexible malware distribution.
Read More: https://thehackernews.com/2025/10/north-korean-hackers-use-etherhiding-to.html