js.jadesnow

JADESNOW

aka: ChainedDown

JADESNOW is a JavaScript-based downloader malware family associated with the threat cluster UNC5342. JADESNOW utilizes EtherHiding to fetch, decrypt, and execute malicious payloads from smart contracts on the BNB Smart Chain and Ethereum. The input data stored in the smart contract may be Base64-encoded and XOR-encrypted. The final payload in the JADESNOW infection chain is usually a more persistent backdoor like INVISIBLEFERRET.JAVASCRIPT.

References
2025-10-20 | Ransom-ISAC | Ellis Stannard
Cross-Chain TxDataHiding Crypto Heist: A Very Chainful Process (Part 1)

2025-10-16 | Mandiant | Blas Kojusner, Joseph Dobson, Robert Wallace
DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains

2025-06-12 | Aikido | Charlie Eriksen
A deeper look into the threat actor behind the react-native-aria attack

2025-06-06 | Aikido | Charlie Eriksen
RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)

There is no Yara-Signature yet.