Disclaimer:All content on this platform is sourced from the internet and is provided for informational purposes only. None of the content represents the views of this site, nor does it constitute investment advice. Please exercise caution when investing.
DeadLock ransomware uses Polygon smart contracts to evade detection
Svmuu News: According to Group-IB’s monitoring, the DeadLock ransomware family is using Polygon smart contracts to distribute and rotate proxy server addresses in order to evade security detection. First discovered in July 2025, the malware embeds JavaScript code that interacts with the Polygon network within HTML files, using an RPC list as a gateway to retrieve server addresses controlled by the attackers. This technique is similar to the previously discovered EtherHiding, which aims to leverage decentralized ledgers to build covert communication channels that are difficult to block. DeadLock has spawned at least three variants so far, with the latest version also embedding the encrypted messaging app Session to communicate directly with victims.
Disclaimer: This content reflects the author's personal views only and does not constitute investment advice. If you find any violations, please Click to Report
Recommended Reading


