Cybersecurity

Hackers Use EtherRAT and EtherHiding to Hide Malware Infrastructure on Ethereum

58 sec read9 views0 listens

Hackers Use EtherRAT and EtherHiding to Hide Malware Infrastructure on Ethereum

Overview:

TRU (Threat Research Unit) has uncovered a new malware variant, EtherRAT, which leverages the Ethereum blockchain for command-and-control (C2) communication. This innovative approach uses EtherHiding to obfuscate C2 infrastructure and evade traditional detection methods.

Malware Details:

Name: EtherRAT
Type: Remote Access Trojan (RAT)
Detection Method: Uses Ethereum RPC providers for C2 communication, making it difficult to detect via conventional means.
Persistence Mechanism: Utilizes Windows registry Run keys and executes silently through conhost.exe in headless mode.

Key Features:

Ethereum Blockchain Integration:
- EtherRAT employs Ethereum's blockchain technology to establish C2 communication channels.
- It queries multiple Ethereum RPC providers to retrieve commands or instructions from the blockchain, making it challenging for security solutions to intercept these communications.
Dynamic Code Updates:
- The malware periodically sends its current codebase to the C2 server and receives an updated version in return.
- This dynamic update mechanism helps

Read the full article at Cyber Security News

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

Everest Ransomware Attack on VVO Finance in Germany

German financial services firm VVO Finance was targeted by the Everest ransomware group on May 28, 2026, resulting in a threat to release sensitive corporate data. This attack highlights the necessity for cybersecurity teams to conduct immediate comp...

Ali Nemati

AI & Machine LearningApr 527 sec read

Building a Decentralized Mesh Network in Rust - Lessons from the Global South

A cybersecurity student in Nairobi has developed GhostWire, a decentralized mesh communication platform that operates without central servers and uses AI to optimize routing decisions. This technology is crucial for maintaining connectivity during di...

Ali Nemati

Cybersecurity8 hours ago29 sec read

TheGentlemen Ransomware Targets Grupo Premier in Mexico

The ransomware group TheGentlemen has claimed responsibility for a cyberattack targeting Grupo Premier, a Mexican nuts and dried fruits company, and threatened to leak sensitive data. This incident highlights the ongoing threat of ransomware attacks ...

Ali Nemati

Cybersecurity2 days ago24 sec read

Incransom Breaches Belimed AG's Secure Network

On May 29, 2026, ransomware group Incransansom breached Belimed AG's secure network, exfiltrating 1.5TB of sensitive financial data and threatening to publish it unless demands are met. This attack highlights the critical need for continuous monitori...

Ali Nemati

CybersecurityMay 2026 sec read

GitHub says internal repositories were taken in poisoned VS Code extension attack

GitHub confirmed that internal repositories were compromised after an employee's device was infected by a malicious Visual Studio Code extension, highlighting the increasing risks to software development platforms and third-party tools. This incident...

Ali Nemati

Hackers Use EtherRAT and EtherHiding to Hide Malware Infrastructure on Ethereum

Hackers Use EtherRAT and EtherHiding to Hide Malware Infrastructure on Ethereum

Overview:

Malware Details:

Key Features:

Related Articles

Everest Ransomware Attack on VVO Finance in Germany

Building a Decentralized Mesh Network in Rust - Lessons from the Global South

TheGentlemen Ransomware Targets Grupo Premier in Mexico

Incransom Breaches Belimed AG's Secure Network

GitHub says internal repositories were taken in poisoned VS Code extension attack