Attackers previously stored the malicious code on typical webhosting services, but those services began to take it down. Now, some have started using Binance's blockchain to store these payloads, taking advantage of the immutable nature of blockchains to prevent anyone from taking it down.
An otherwise very "web2" hack has taken on a web3 twist as hackers have started to store malicious code on the blockchain. Attackers first compromise WordPress websites, then show a screen to visitors telling them they need to update their browser to view the website. When the visitor does so, the site downloads malware which then harvests information like login credentials.