-->
Statcounter Analytics Code Hijacked To Pocket Bitcoins From Cryptocurrency Users

Statcounter Analytics Code Hijacked To Pocket Bitcoins From Cryptocurrency Users

Statcounter Analytics Code Hijacked To Pocket Bitcoins From Cryptocurrency Users

 Late concluding calendar week an unknown hacker or a grouping of hackers successfully targeted a cryptocurr StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users
Late concluding calendar week an unknown hacker or a grouping of hackers successfully targeted a cryptocurrency telephone commutation amongst an aim to pocket Bitcoins yesteryear compromising the spider web analytics service it was using.

ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on upwards to 700,000 websites that were bundled amongst the traffic tracking code from the leading spider web analytics platform StatCounter.

However, after analyzing the code, the researchers constitute that hackers managed to compromise StatCounter as well as successfully replaced its tracking script amongst malicious JavaScript code primarily designed to target customers of the Gate.io cryptocurrency exchange.

Like Google Analytics, StatCounter is likewise an old, but pop real-time spider web analytics platform reportedly beingness used yesteryear to a greater extent than than 2 i 1000 k websites as well as generates stats on over 10 billion page views per month.

Here's How Hackers Tried to Steal Bitcoins from Crypto Exchange

 Late concluding calendar week an unknown hacker or a grouping of hackers successfully targeted a cryptocurr StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users
Though the malicious code was likewise injected into other hundreds of thousands of websites using the StatCounter service, the script merely gets activated when the URL or content of the webpage contained a specific Uniform Resource Identifier (URI): myaccount/withdraw/BTC.

The "myaccount/withdraw/BTC" URI is solely associated amongst a gate.io webpage that offers users to brand Bitcoin withdrawals as well as transfers.

The malicious script was intended to supervene upon the goal Bitcoin address of transfers amongst an address belonging to the hackers.

"The script automatically replaces the goal Bitcoin address amongst an address belonging to the attackers, for example, 1JrFLmGVk1ho1UcMPq1WYirHptcCYr2jad," Faou explains inwards a report released Tuesday.

"The malicious server generates a novel Bitcoin address each fourth dimension a visitor loads the statconuter[.]com/c.php script. Thus, it is difficult to run across how many bitcoins accept been transferred to the attackers," he adds.

"As a novel Bitcoin address is generated each fourth dimension the malicious script is sent to the victim, nosotros were non able to run across how many bitcoins the attackers accept gathered."
 Late concluding calendar week an unknown hacker or a grouping of hackers successfully targeted a cryptocurr StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users
According to the researcher, the malicious script was added to the middle of the legitimate StatCounter's JavaScript, which typically makes the malicious code harder to uncovering via "casual observation."

Gate.io Removes StatCounter Following Security Breach


Attackers successfully breached StatCounter on Nov 3, as well as ESET notified the companionship on Nov v when it discovered the hack, which the safety theater labeled equally a "supply chain" assault because the malicious script has appeared on the service used yesteryear the target.

"Even if nosotros exercise non know how many bitcoins accept been stolen during this attack, it shows how far attackers larn to target i specific website, inwards particular, a cryptocurrency exchange," the researcher says.

StatCounter removed the malicious script on Nov 6, several hours earlier the Gate.io cryptocurrency telephone commutation platform stopped using the pop analytic service to preclude farther damage.

Gate.io likewise claimed the companionship after scanned its website amongst 56 antivirus products, as well as "no i reported whatsoever suspicious conduct at that time."

The telephone commutation likewise reported that its "users' funds are safe," but it did non discover how many customers who performed transfers betwixt Nov iii as well as half dozen had lost their funds, neither promised to reimburse those users.

Gate.io likewise urged its customers to maximize the safety levels on their accounts yesteryear enabling two-factor authentication (2FA) as well as two-step login protection.
Blogger
Disqus
Pilih Sistem Komentar

No comments

Advertiser