According to Mars Finance, Group-IB monitoring indicates that the DeadLock ransomware family is abusing Polygon smart contracts to distribute and rotate proxy server addresses and so evade detection. The malware, first discovered in July 2025, uses JavaScript embedded in HTML files to interact with the Polygon network, using a list of RPC endpoints as gateways to obtain attacker-controlled server addresses. The technique is similar to the previously discovered EtherHiding and aims to use decentralized ledgers to build covert communication channels that are difficult to block. DeadLock currently has at least three variants, and the latest version embeds the encrypted messaging application Session for direct communication with victims.
DeadLock ransomware uses Polygon smart contracts to evade tracking.
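As an added detection example (not from Group-IB or the original article), the Python heuristic below flags HTML files whose inline JavaScript combines several RPC endpoint URLs, a read-only JSON-RPC call and a hard-coded contract address, which is the pattern described above. The indicator regexes, the `min_rpc_urls` threshold and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators chosen for this example; they are not Group-IB signatures.
RPC_METHOD = re.compile(r"""["'](eth_call|eth_getStorageAt|eth_getLogs)["']""")
CONTRACT_ADDR = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
URL = re.compile(r"""["'](https?://[^"'\s]+)["']""")

# Constructed sample: inline script with an RPC fallback list and a contract read.
SAMPLE = """<html><body><script>
const rpcs = ["https://rpc-a.example/", "https://rpc-b.example/"];
const req = {jsonrpc: "2.0", id: 1, method: "eth_call",
  params: [{to: "ADDR", data: "0x12345678"}, "latest"]};
</script></body></html>""".replace("ADDR", "0x" + "ab" * 20)

class ScriptExtractor(HTMLParser):
    """Collects the text of each inline <script> element."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append("")
        self.in_script = tag == "script"

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def scan_html(html, min_rpc_urls=2):
    """Return one finding per inline script that matches all three indicators."""
    parser = ScriptExtractor()
    parser.feed(html)
    findings = []
    for index, js in enumerate(parser.scripts):
        methods = sorted(set(RPC_METHOD.findall(js)))
        hosts = sorted({u.split("/")[2] for u in URL.findall(js)})
        addrs = sorted(set(CONTRACT_ADDR.findall(js)))
        # Read-only RPC call + several endpoint hosts + hard-coded contract address.
        if methods and addrs and len(hosts) >= min_rpc_urls:
            findings.append({"script": index, "methods": methods,
                             "rpc_hosts": hosts, "contracts": addrs})
    return findings
```

A hit is a triage lead rather than a verdict, since legitimate Web3 front ends also read contract state from the browser; the HTML file's origin and the destination it contacts afterwards decide the case.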
Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.



