Cybercriminals Exploit BSC Smart Contracts for Malware Spread

Cybercriminals have discovered a new method for spreading virus software among users. According to research conducted by Guardio Labs, attackers have begun manipulating BNB Smart Chain (BSC) smart contracts to conceal malware and spread malicious code.

Analysts note that the attack compromises WordPress websites by injecting code that extracts fragments of blockchain contract payloads.

In essence, attackers use BSC smart contracts as anonymous, free hosting platforms to conceal valuable data.

Experts note that hackers can update their codes and alter their attack methods. The most recent attacks involve bogus browser updates, in which victims are asked to update their browsers via a fake landing page and link.

In turn, this causes complete site corruption by distributing malware via bogus browser updates.

With this attack, an adversary can modify a series of attacks by changing the malicious code in each new blockchain transaction. Nati Tal, the head of cybersecurity at Guardio Labs, notes that this makes future prevention of these attacks more difficult.

Once deployed, infected smart contracts operate autonomously. Tal explained that the only recourse available to Binance is to rely on its developer community to flag malicious code in contracts once it is discovered.

At the end of the previous quarter, the cryptocurrency market experienced $685 million in losses. The number of fraudulent schemes decreased by nearly 24% compared to 2022.

In three months, the cryptocurrency market lost $685 million due to hacker attacks such as scams and rag pulls. This is 59.9% more than the $428 million thieves stole in the third quarter of 2022.