https://meltedinhex.com/tags/invisibleferret/ Recent content in InvisibleFerret on Melted in Hex https://meltedinhex.com/images/og-social.png https://meltedinhex.com/images/og-social.png Hugo en-us Mon, 22 Jun 2026 00:30:00 +0530 https://meltedinhex.com/posts/polinrider-blockchain-dead-drop-npm/ Mon, 22 Jun 2026 00:30:00 +0530 https://meltedinhex.com/posts/polinrider-blockchain-dead-drop-npm/ <p>We have all trained ourselves to look for the call home: the hard-coded IP, the suspicious <code>.xyz</code> domain, the base64 URL that decodes to something hostile. This loader has none of that. Strip it to nothing and you find an address on the TRON blockchain, which points to a Binance Smart Chain transaction sent to a burn address so it can never be spent or deleted. The next stage sits in that transaction&rsquo;s data field, XOR-encrypted. You cannot sinkhole it, and you cannot file a takedown against an immutable transaction replicated across thousands of nodes. The technique has a name, <em>EtherHiding</em>, and it turns a public blockchain into bulletproof, censorship-proof storage for malware.</p>