Using Blockchains to Distribute Immutable Malware

This is getting good – everybody’s 2018 darling technology, the blockchain (remember? “Blockchains will replace the Internet!”) has found a new use case: the distribution of malware. And because blockchains come with such lovely features as immutability (what’s recorded on the blockchain can’t be removed), you can’t remove the malware once it’s planted.

There’s a wide array of advantages to EtherHiding over more traditional means of delivering malware, which besides bulletproof hosting include leveraging compromised servers.

  • The decentralization prevents takedowns of the malicious smart contracts because the mechanisms in the blockchains bar the removal of all such contracts.
  • Similarly, the immutability of the contracts prevents the removal of, or tampering with, the malware by anyone.
  • Transactions on Ethereum and several other blockchains are effectively anonymous, protecting the hackers’ identities.
  • Retrieval of malware from the contracts leaves no trace of the access in event logs, providing stealth.
  • The attackers can update malicious payloads at any time.

Nation-state hackers deliver malware from “bulletproof” blockchains

Pascal Finette @radical