嗯,用户让我用中文总结一下这篇文章的内容,控制在100字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。好的,我先仔细读一下文章。 文章主要讲的是朝鲜的国家关联黑客开始利用公共区块链来传播恶意软件和窃取加密货币。这是研究人员首次发现国家行为者采用这种技术。Google的安全研究人员观察到一个由平壤支持的黑客组织UNC5342使用了一种叫做EtherHiding的方法,将恶意代码嵌入到以太坊和BNB智能链等去中心化网络的智能合约中。这种方法让恶意软件更难被阻止或移除,因为代码存储在区块链账本上,无法下线或更改。 从2月份开始,UNC5342利用EtherHiding作为社会工程活动的一部分,诱骗开发者下载伪装成工作相关文件或编码挑战的恶意软件。一旦打开文件,恶意脚本会连接到区块链,从智能合约中检索加密代码,进而安装JadeSnow加载器和InvisibleFerret后门程序。由于恶意负载存储在去中心化区块链上,传统移除手段无效。攻击者还能通过修改智能合约悄悄更新或替换恶意软件。 此外,区块链的匿名性质增加了匿名层,使识别幕后黑手更加困难。Google指出,虽然黑客依赖去中心化区块链存储代码,但他们仍通过中心化网络服务互动,这为防御者提供了监测和阻断的机会。 现在我需要把这些信息浓缩到100字以内,并且不使用特定的开头。我应该抓住关键点:朝鲜黑客、利用区块链、传播恶意软件、窃取加密货币、首次国家行为者采用、难以阻止和移除。 总结一下:朝鲜黑客利用公共区块链传播恶意软件和窃取加密货币。这是首个国家行为者采用该技术的案例。通过将恶意代码嵌入智能合约,攻击更难被阻止或移除。 </think> 朝鲜黑客利用公共区块链传播恶意软件并窃取加密货币,这是首个国家行为者采用该技术的案例。通过将恶意代码嵌入智能合约,攻击更难被阻止或移除。 2025-10-16 15:31:9 Author: therecord.media(查看原文) 阅读量:13 收藏
North Korean state-linked hackers have begun using public blockchains to deliver malware and steal cryptocurrency, in what researchers say is the first known case of a nation-state adopting the technique. Google security researchers said on Thursday that they observed a Pyongyang-backed hacking group, tracked as UNC5342, deploying a method known as EtherHiding — a way of embedding malicious code inside smart contracts on decentralized networks such as Ethereum and BNB Smart Chain. The technique makes it harder to block or remove malware, since the code is stored on blockchain ledgers that cannot be taken offline or altered. The malicious code remains accessible as long as the blockchain itself is operational, according to researchers. “This represents a shift toward next-generation bulletproof hosting,” Google said, noting that attackers are increasingly exploiting the same decentralization features that make blockchain resilient. Since February, UNC5342 has used EtherHiding as part of a social-engineering campaign that lures developers — often those working in the cryptocurrency or tech industries — into downloading malware disguised as job-related files or coding challenges. Once a target opens the file, a malicious script connects to the blockchain to retrieve encrypted code from a smart contract. That code installs the JadeSnow loader, which in turn delivers a more persistent backdoor known as InvisibleFerret that has been used in multiple cryptocurrency thefts. Because the malicious payloads are stored on decentralized blockchains, they cannot be removed by traditional takedown efforts. Attackers can also quietly update or replace their malware by modifying the smart contract, Google said. Blockchain’s pseudonymous nature adds another layer of anonymity, making it difficult to identify those behind the operation. Google said EtherHiding was first used in 2023 by a financially motivated group known as UNC5142, but this is the first time a state-sponsored actor has adopted it. The company added that while the hackers rely on decentralized blockchains to store their code, they still interact through centralized web services that defenders can monitor or block to disrupt attacks. “In other words, UNC5142 and UNC5342 are using permissioned services to interact with permissionless blockchains,” the researchers said. Malware hidden in smart contracts
Get more insights with the
Recorded Future
Intelligence Cloud.
如有侵权请联系:admin#unsafe.sh