North Korean state-backed hackers have developed a new technique called EtherHiding to embed malicious code into blockchain networks, according to a report by Google Threat Intelligence Group (GTIG) on October 17. This method allows attackers to use smart contracts on public blockchains like Ethereum and BNB Smart Chain to store and distribute malware, leveraging the immutable nature of blockchains to make the code nearly impossible to remove. The EtherHiding technique involves exploiting unpatched vulnerabilities or using stolen credentials to inject JavaScript into legitimate WordPress sites, which then connect to the blockchain to retrieve malware. These attacks, first identified in September 2023 as part of the CLEARFAKE campaign, leave no visible transaction traces and incur minimal costs. GTIG warns that this represents a strategic shift in North Korea's digital operations, using blockchain as a stealthy tool for cyberattacks. Users are advised to block suspicious downloads and restrict unauthorized web scripts to mitigate risks.