DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains
released on 2025-10-16 @ 05:53:02 PM
North Korean threat actor UNC5342 has been observed using 'EtherHiding' to deliver malware and facilitate cryptocurrency theft. EtherHiding embeds malicious code within smart contracts on public blockchains, turning them into resilient command-and-control infrastructure. The attack chain involves social engineering, injecting loader scripts, fetching payloads from blockchains, and executing malware. UNC5342's campaign targets developers in the cryptocurrency and technology sectors using elaborate fake recruitment processes. The infection chain involves JADESNOW, BEAVERTAIL, and INVISIBLEFERRET, which collect sensitive data and provide remote control of the compromised system. Because the attackers leverage multiple blockchains and API services, the technique is challenging to mitigate.
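As an added, defender-side example that is not from the original report: a heuristic scanner for injected loader scripts of the kind described above, which flags inline scripts that combine a contract address, a read-only chain call, hex decoding of the result, and dynamic code execution. The indicator patterns and the sample page are constructed assumptions for illustration, not published signatures.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators (an assumption of this example, not a published signature):
# an EtherHiding-style loader tends to combine a contract address, a read-only
# chain/RPC call, hex decoding of the returned bytes, and dynamic code execution.
INDICATORS = {
    "contract_address": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "rpc_read": re.compile(r"eth_call|eth_getStorageAt|web3\.|ethers\."),
    "hex_decode": re.compile(r"parseInt\([^,]+,\s*16\)|fromCharCode"),
    "dynamic_exec": re.compile(r"\beval\(|new Function\(|document\.write\("),
}

class _ScriptCollector(HTMLParser):
    """Gather the body of every inline <script> element on a page."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def score_script(src):
    """Map each indicator name to whether it appears in the script source."""
    return {name: bool(rx.search(src)) for name, rx in INDICATORS.items()}

def find_loader_candidates(html, min_hits=3):
    """(script index, matched indicators) for scripts worth an analyst's look;
    dynamic_exec is mandatory so a dapp that merely reads a contract is not flagged."""
    parser = _ScriptCollector()
    parser.feed(html)
    flagged = []
    for i, src in enumerate(parser.scripts):
        hits = score_script(src)
        if hits["dynamic_exec"] and sum(hits.values()) >= min_hits:
            flagged.append((i, sorted(k for k, v in hits.items() if v)))
    return flagged

# Constructed sample page: a legitimate dapp script, then an inert fragment that
# carries the loader indicators together (it is not a working loader).
BENIGN_ADDR, LOADER_ADDR = "0x" + "ab" * 20, "0x" + "cd" * 20  # constructed addresses
SAMPLE_HTML = """<html><body>
<script>const t = new ethers.Contract("%s", abi, provider); t.balanceOf(u).then(render);</script>
<script>var q = {method: "eth_call", params: [{to: "%s"}, "latest"]};
var s = String.fromCharCode(parseInt("41", 16)); new Function(s)();</script>
</body></html>""" % (BENIGN_ADDR, LOADER_ADDR)
```

Run `find_loader_candidates(SAMPLE_HTML)` to see only the second script flagged; treat hits as triage leads, since legitimate web3 front ends also read contracts.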