Malware Uses Ethereum Smart Contracts to Keep C2 Infrastructure Alive
A newly discovered malware strain, LoaderClient, uses Ethereum smart contracts to keep its command-and-control (C2) infrastructure alive. Disguised as a generic Minecraft modification, this malicious payload serves as the initial infection vector for the rapidly expanding WeedHack campaign.
Once executed, it secretly harvests live authentication data without triggering typical operating system warnings. The malware stands out by avoiding traditional domain hardcoding in favor of an advanced evasion technique called EtherHiding.
EtherHiding ensures that the operators maintain persistent access to infected machines even if their primary web portals are shut down.
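
A defender-side hunt for the smart-contract lookup described above, as an added example that is not from the original article or from any analysis of LoaderClient: it scans egress proxy records for processes that read Ethereum contract state over the standard JSON-RPC interface and are not on an allowlist. The log schema, process names, hostnames and contract address are constructed, and it assumes the proxy captures request bodies and that the lookup uses JSON-RPC read methods such as `eth_call`.

```python
import json

# Assumption: software expected to query Ethereum nodes in this environment.
EXPECTED_RPC_CLIENTS = {"wallet-app.exe"}
# Standard Ethereum JSON-RPC methods that read contract state without a transaction.
READ_METHODS = {"eth_call", "eth_getStorageAt"}

def contract_reads(body):
    """Return contract addresses read by a JSON-RPC request body (single or batch)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []  # not JSON-RPC traffic
    found = []
    for call in doc if isinstance(doc, list) else [doc]:
        if isinstance(call, dict) and call.get("method") in READ_METHODS:
            params = call.get("params")
            first = params[0] if isinstance(params, list) and params else None
            # eth_call passes an object with "to"; eth_getStorageAt passes the address itself.
            addr = first.get("to") if isinstance(first, dict) else first
            if isinstance(addr, str):
                found.append(addr.lower())
    return found

def hunt(records):
    """Flag records where an unexpected process reads Ethereum contract state."""
    alerts = []
    for rec in records:
        if rec["process"].lower() in EXPECTED_RPC_CLIENTS:
            continue
        for addr in contract_reads(rec.get("body")):
            alerts.append((rec["host"], rec["process"], rec["dst"], addr))
    return alerts

def _rpc(method, params):
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params})

# Constructed sample records: hosts, endpoints, process names and address are placeholders.
ADDR = "0x" + "ab" * 20
READ = _rpc("eth_call", [{"to": ADDR, "data": "0x12345678"}, "latest"])
SAMPLE = [
    {"host": "ws-014", "process": "javaw.exe", "dst": "rpc.example.net", "body": READ},
    {"host": "ws-020", "process": "wallet-app.exe", "dst": "rpc.example.net", "body": READ},
    {"host": "ws-031", "process": "javaw.exe", "dst": "rpc.example.net", "body": _rpc("eth_blockNumber", [])},
    {"host": "ws-044", "process": "javaw.exe", "dst": "cdn.example.org", "body": "not json"},
]

if __name__ == "__main__":
    print(*hunt(SAMPLE), sep="\n")
```

Each alert carries the contract address that was read, which gives responders a value to search for across other hosts' egress logs.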




