Nation-State Hackers Deliver Malware From “Bulletproof” Blockchains
North Korean hackers use EtherHiding to distribute malware via blockchain smart contracts, enabling stealthy updates with low costs and resistance to takedown, Google researchers found.
- On Thursday, Google Threat Intelligence Group said UNC5342 has used EtherHiding since February to embed malware in smart contracts on public blockchains, marking the first state-backed use of this technique.
- Because smart contracts on a public chain are immutable and decentralized, the payloads they carry cannot be taken down by an abuse report or a registrar, and a read-only call to the contract fetches the current stage with no on-chain transaction from the victim; GTIG says this anonymity and cheap updatability gives the attackers a "bulletproof" host.
- Victims are lured through fake job interviews and fabricated companies into downloading malicious files from GitHub or NPM; the JADESNOW loader then retrieves INVISIBLEFERRET and a credential stealer from the chain, and the attackers have updated the contracts more than 20 times.
- Security teams are advised to block risky file types, control browser updates, and enforce strict web access and script policies as GTIG says EtherHiding complicates campaign disruption.
- Guardio Labs first documented EtherHiding in 2023. Traditional bulletproof hosts operate in countries without law-enforcement treaties and cater to crime-oriented customers; EtherHiding instead repurposes the blockchain's own immutability guarantees to obtain the same persistence without any hosting provider at all.
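The mechanism the bullets describe is a read-only JSON-RPC `eth_call` against a public node, which returns an ABI-encoded `string` holding the next stage. The following is an added example, not code from Google, Guardio or the campaign: it decodes such a return value and triages constructed proxy-log records for `eth_call` traffic from hosts that have no business talking to chain RPCs. The RPC host list, source allowlist, contract address and payload are all constructed for illustration; `0x6d4ce63c` is the selector of a `get()` view function, a plausible but assumed function name.

```python
"""Added example: triage JSON-RPC eth_call traffic for EtherHiding-style retrieval.

All sample data below is constructed; this is not code from any vendor or campaign.
"""
import json
from typing import Optional

# Public RPC endpoints an EtherHiding loader might query. Constructed list for
# illustration; a real deployment would take this from threat-intel feeds.
PUBLIC_RPC_HOSTS = {"bsc-dataseed.binance.org", "rpc.ankr.com", "cloudflare-eth.com"}

# Workstations that legitimately talk to chain RPCs (e.g. a blockchain dev team). Constructed.
RPC_ALLOWLIST_SRC = {"10.0.5.17"}


def abi_decode_string(result_hex: str) -> str:
    """Decode a Solidity `string` return value from an eth_call result.

    Layout: 32-byte offset to the data, 32-byte byte length, then the UTF-8
    bytes zero-padded to a multiple of 32 bytes.
    """
    raw = bytes.fromhex(result_hex[2:] if result_hex.startswith("0x") else result_hex)
    if len(raw) < 64:
        raise ValueError("result too short for an ABI-encoded string")
    offset = int.from_bytes(raw[:32], "big")
    length = int.from_bytes(raw[offset:offset + 32], "big")
    data = raw[offset + 32:offset + 32 + length]
    if len(data) != length:
        raise ValueError("truncated string data")
    return data.decode("utf-8", errors="replace")


def triage_entry(entry: dict) -> Optional[dict]:
    """Return a finding for one proxy-log record, or None if it is not suspicious."""
    if entry.get("method") != "POST" or entry.get("host") not in PUBLIC_RPC_HOSTS:
        return None
    if entry.get("src") in RPC_ALLOWLIST_SRC:
        return None
    try:
        req = json.loads(entry.get("request_body", ""))
    except json.JSONDecodeError:
        return None
    if req.get("method") != "eth_call":
        return None
    params = req.get("params") or [{}]
    call = params[0] if isinstance(params[0], dict) else {}
    finding = {
        "src": entry.get("src"),
        "rpc_host": entry["host"],
        "contract": call.get("to"),
        "selector": (call.get("data") or "")[:10],  # 4-byte function selector
        "payload_preview": None,
    }
    resp = entry.get("response_body")
    if resp:
        try:
            decoded = abi_decode_string(json.loads(resp).get("result", ""))
            finding["payload_preview"] = decoded[:60]
        except (ValueError, json.JSONDecodeError):
            pass  # not a string return; keep the finding without a preview
    return finding


def triage(entries: list) -> list:
    """Run triage_entry over a log and keep only the findings."""
    return [f for f in (triage_entry(e) for e in entries) if f]


def sample_log() -> list:
    """Constructed proxy records: an allowlisted dev host, a suspicious workstation, and noise."""
    call = {"to": "0x" + "ab" * 20, "data": "0x6d4ce63c"}  # constructed contract address
    req = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "eth_call", "params": [call, "latest"]})
    # ABI-encoded string "alert(1)" standing in for a real (obfuscated) next-stage script.
    result = "0x" + "%064x" % 0x20 + "%064x" % 8 + "616c657274283129".ljust(64, "0")
    resp = json.dumps({"jsonrpc": "2.0", "id": 1, "result": result})
    return [
        {"src": "10.0.5.17", "host": "bsc-dataseed.binance.org", "method": "POST",
         "request_body": req, "response_body": resp},
        {"src": "10.0.8.42", "host": "bsc-dataseed.binance.org", "method": "POST",
         "request_body": req, "response_body": resp},
        {"src": "10.0.8.42", "host": "github.com", "method": "GET",
         "request_body": "", "response_body": ""},
    ]


if __name__ == "__main__":
    for finding in triage(sample_log()):
        print(json.dumps(finding))
```

Two caveats a practitioner should keep in mind: the request and response bodies are only visible if the proxy performs TLS inspection, and a loader can reach the chain through a third-party RPC gateway or wrapper API that is not on a static host list, so the selector and decoded-string heuristics matter more than the host match. Because `eth_call` is read-only, the victim never submits a transaction, which is exactly why the chain itself offers no trail to block on.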
15 Articles
Nation-state hackers deliver malware from “bulletproof” blockchains
Hacking groups—at least one of which works on behalf of the North Korean government—have found a new and inexpensive way to distribute malware from “bulletproof” hosts: stashing them on public cryptocurrency blockchains. In a Thursday post, members of the Google Threat Intelligence Group said the technique provides the hackers with their own “bulletproof” host, a term that describes cloud platforms that are largely immune from takedowns by law e…
Google: Hackers use EtherHiding on public blockchains
At least two distinct hacking organizations, including a North Korean state-linked actor and a financially motivated criminal group, are leveraging public blockchains to conceal and manage malware, according to research from Google’s Threat Intelligence Group. This method makes their operations highly resistant to conventional takedown efforts. The technique, which researchers have named EtherHiding, fundamentally alters how attackers manage and…
North Korean Hackers Exploit EtherHiding To Spread Malware And Steal Crypto Assets - Cybernoz - Cybersecurity News
The cybersecurity landscape has witnessed a significant evolution in attack techniques with North Korean threat actors adopting EtherHiding, a sophisticated method that leverages blockchain technology to distribute malware and facilitate cryptocurrency theft. EtherHiding represents a fundamental shift in how cybercriminals store and deliver malicious payloads by embedding malware code within smart contracts on public blockchains like BNB Smart C…