DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains
October 16, 2025
Google

Google Threat Intelligence Group (GTIG) has observed the North Korea threat actor UNC5342 using EtherHiding to deliver malware and facilitate cryptocurrency theft. This is the first time GTIG has observed a nation-state actor adopting this method. The attacker injects a small piece of JavaScript