{"id":60736,"date":"2026-05-26T00:00:00","date_gmt":"2026-05-26T00:00:00","guid":{"rendered":"urn:uuid:2cf18da1-c97c-2ae2-a15c-1009608b3273"},"modified":"2026-05-26T00:00:00","modified_gmt":"2026-05-26T00:00:00","slug":"smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/","title":{"rendered":"Smart Contracts for C&amp;C: How ClearFake Hid in Plain Sight on BSC Testnet"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/blockchainc2-thumb:Large?qlt=80\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/26\/e\/blockchainc2-thumb.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p><span class=\"body-subhead-title\">Conclusion&nbsp;<\/span><\/p>\n<p>This case is a concrete demonstration that blockchain-based payload delivery has graduated from a proof-of-concept curiosity to an operational threat.&nbsp;<\/p>\n<p>The\u202fEtherHiding\u202ftechnique exploited in this campaign\u202feliminates\u202fthe most disruption-accessible components of traditional malware infrastructure: domains, IP addresses, and hosting providers. All four smart contracts\u202fidentified\u202fin this investigation remain live on the BNB Smart Chain\u202ftestnet as of writing. No action taken by any security vendor, domain registrar, or law enforcement agency can alter or remove the payloads stored within them; This is not a\u202flimitation\u202fbut\u202fa fundamental property of immutable, decentralized infrastructure, and it demands that enterprise defenders rethink assumptions about what takedown-resistant C&amp;C looks like.\u202f<\/p>\n<p>We recommend enterprises implement controls across several layers:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">At the network layer, blocking outbound JSON-RPC traffic to known BNB Smart Chain\u202ftestnet\u202fRPC endpoint\u202fstarting with<i>\u202fbsc-testnet-rpc.publicnode[.]com<\/i> removes the contract query step before any payload executes.&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">At the endpoint layer, disabling the Windows\u202fWebClient\u202fservice on workstations that do not require WebDAV\u202feliminates\u202fthe delivery mechanism for the remote DLL loader entirely. Where\u202fWebClient\u202fcannot be disabled, behavioral detection rules targeting <i>rundll32.exe<\/i> with UNC path arguments are highly effective.&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">At the browser layer, enterprise browser management policies that restrict clipboard write access can interrupt the\u202fClickFix\u202fsocial engineering step before the victim executes the injected command. Organizations should also consider blocking or\u202falerting on<i>\u202feth_call<\/i>\u202fand JSON-RPC patterns in web proxy logs as an early-warning indicator for\u202fEtherHiding\u202factivity across their fleet.&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">At the end-user layer, awareness training on fake CAPTCHA and\u202fClickFix\u202flures\u202fis\u202fthe first line of defense against the social engineering\u202fcomponent, as\u202fthe\u202fentire post-infection chain in this case required a single deliberate action by the victim.\u202f<\/span><\/li>\n<\/ul>\n<p>TrendAI\u202fVision One\u2122\u202fprovides the cross-layer detection and investigation capability that enabled this case to be fully reconstructed. The platform\u2019s endpoint sensor captured the complete execution chain from the\u202finitial\u202f<i>rundll32<\/i> launch through remote thread injection,\u202f<i>dllhost\u202f<\/i>spawning, and Python RAT file drops correlating each event across process, file, and network telemetry in a single unified view.\u202f<\/p>\n<p>TrendAI\u2122 Managed Detection and Response (MDR) provides 24\/7 expert-led threat monitoring and response backed by\u202fTrendAI\u2122\u202fglobal threat intelligence. In this analysis,\u202fTrendAI\u2122\u202fMDR analysts pivoted from a single high-confidence endpoint alert to a full reconstruction of the blockchain delivery infrastructure\u202fto the\u202fSectopRAT\u202fpayload.\u202f<\/p>\n<p><span class=\"body-subhead-title\">TrendAI Vision One\u2122 Threat Intelligence Hub<\/span><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/threat-intelligence.html\">TrendAI Vision One\u2122 Threat Intelligence Hub<\/a> provides the latest insights on emerging threats and threat actors, exclusive strategic reports from TrendAI\u2122 Research, and TrendAI Vision One\u2122 Threat Intelligence Feed in the TrendAI Vision One\u2122 platform.<\/p>\n<p>Emerging Threats: <a href=\"https:\/\/portal.xdr.trendmicro.com\/index.html#\/app\/ti\/intelligence_insights?name=Smart%20Contracts%20for%20C%26C%3A%20How%20ClearFake%20Hid%20in%20Plain%20Sight%20on%20BSC%20Testnet\">Smart Contracts for C&amp;C: How ClearFake Hid in Plain Sight on BSC Testnet<\/a><\/p>\n<p><b>TrendAI Vision One\u2122 Intelligence Reports (IOC Sweeping)\u202f<\/b><\/p>\n<p><a href=\"https:\/\/portal.xdr.trendmicro.com\/index.html#\/app\/ti\/intelligence?intrusionSet=Smart%20Contracts%20for%20C%26C%3A%20How%20ClearFake%20Hid%20in%20Plain%20Sight%20on%20BSC%20Testnet\">https:\/\/portal.xdr.trendmicro.com\/index.html#\/app\/ti\/intelligence?intrusionSet=Smart%20Contracts%20for%20C%26C%3A%20How%20ClearFake%20Hid%20in%20Plain%20Sight%20on%20BSC%20Testnet<\/a><\/p>\n<p><span class=\"body-subhead-title\">Hunting Queries\u202f<\/span><\/p>\n<p><span class=\"blockquote\">eventSubId: 301 AND hostName:bsc-testnet-rpc.publicnode.com AND processName:(chrome.exe OR msedge.exe OR microsoftedge.exe OR firefox.exe OR iexplore.exe OR opera.exe OR brave.exe OR vivaldi.exe OR waterfox.exe)<\/span><\/p>\n<p>Detects DNS query from common browser processes to Binance Smart Chain testnet RPC endpoint, an indication that the user browsed a compromised website with ClearFake embedded JS. Acceptable false positives for users developing web3 apps.<\/p>\n<p><span class=\"blockquote\">eventSubId: 701 AND parentName:rundll32.exe AND parentCmd:\\\\*** AND objectCmd:(chrome.exe OR msedge.exe OR microsoftedge.exe OR firefox.exe OR iexplore.exe OR opera.exe OR brave.exe OR vivaldi.exe OR waterfox.exe)<\/span><\/p>\n<p>Detects browser process injection initiated originating from the execution of malicious DLL hosted on remote WebDAV UNC path to common browser processes.<\/p>\n<p><span class=\"body-subhead-title\">TrendAI Vision One\u2122 XDR Data Explorer App\u202f<\/span><\/p>\n<p>TrendAI Vision One\u2122 customers can use the XDR Data Explorer App to match or hunt the malicious indicators mentioned in this blog post with data in their environment.\u202f\u202f\u202f\u202f<\/p>\n<p>More hunting queries are available for TrendAI Vision One\u2122 with\u202f Threat Intelligence Hub entitlement enabled.\u202f<\/p>\n<p><span class=\"body-subhead-title\">Indicators of Compromise<\/span><\/p>\n<p>Indicators of compromise can be found <a href=\"https:\/\/documents.trendmicro.com\/assets\/txt\/Smart-Contracts-for-C2-IoC-list-kJLTXB3.txt\">here<\/a>.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/26\/e\/smart-contracts-for-command-and-control.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>TrendAI\u2122 Research analyzed an intrusion where threat actors used the EtherHiding technique to route ClearFake payload delivery through smart contracts on the BNB Smart Chain testnet. The attack chain ended with two simultaneously deployed stealers, SectopRAT and ACRStealer alongside an on-chain execution tracker that confirmed each victim compromise in real time. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":60737,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9521,9511,9534,9509],"class_list":["post-60736","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-crime","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-latest-news","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Smart Contracts for C&amp;C: How ClearFake Hid in Plain Sight on BSC Testnet 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Smart Contracts for C&amp;C: How ClearFake Hid in Plain Sight on BSC Testnet 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-26T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/blockchainc2-thumb:Large?qlt=80\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Smart Contracts for C&amp;C: How ClearFake Hid in Plain Sight on BSC Testnet\",\"datePublished\":\"2026-05-26T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\\\/\"},\"wordCount\":692,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Crime\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Latest News\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\\\/\",\"name\":\"Smart Contracts for C&amp;C: How ClearFake Hid in Plain Sight on BSC Testnet 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet.jpg\",\"datePublished\":\"2026-05-26T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet.jpg\",\"width\":976,\"height\":533},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Smart Contracts for C&amp;C: How ClearFake Hid in Plain Sight on BSC Testnet\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Smart Contracts for C&amp;C: How ClearFake Hid in Plain Sight on BSC Testnet 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/","og_locale":"en_US","og_type":"article","og_title":"Smart Contracts for C&amp;C: How ClearFake Hid in Plain Sight on BSC Testnet 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-05-26T00:00:00+00:00","og_image":[{"url":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/blockchainc2-thumb:Large?qlt=80","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Smart Contracts for C&amp;C: How ClearFake Hid in Plain Sight on BSC Testnet","datePublished":"2026-05-26T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/"},"wordCount":692,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Crime","Trend Micro Research : Cyber Threats","Trend Micro Research : Latest News","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/","url":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/","name":"Smart Contracts for C&amp;C: How ClearFake Hid in Plain Sight on BSC Testnet 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet.jpg","datePublished":"2026-05-26T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet.jpg","width":976,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/smart-contracts-for-cc-how-clearfake-hid-in-plain-sight-on-bsc-testnet\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Smart Contracts for C&amp;C: How ClearFake Hid in Plain Sight on BSC Testnet"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60736"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60736\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/60737"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}