Svmuu News: According to Group-IB’s monitoring, the DeadLock ransomware family is using Polygon smart contracts to distribute and rotate proxy server addresses in order to evade security detection. First discovered in July 2025, the malware embeds JavaScript code that interacts with the Polygon network within HTML files, using an RPC list as a gateway to retrieve server addresses controlled by the attackers. This technique is similar to the previously discovered EtherHiding, which aims to leverage decentralized ledgers to build covert communication channels that are difficult to block. DeadLock has spawned at least three variants so far, with the latest version also embedding the encrypted messaging app Session to communicate directly with victims.