ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on upwards to 700,000 websites that were bundled amongst the traffic tracking code from the leading spider web analytics platform StatCounter.
However, after analyzing the code, the researchers constitute that hackers managed to compromise StatCounter as well as successfully replaced its tracking script amongst malicious JavaScript code primarily designed to target customers of the Gate.io cryptocurrency exchange.
Like Google Analytics, StatCounter is likewise an old, but pop real-time spider web analytics platform reportedly beingness used yesteryear to a greater extent than than 2 i 1000 k websites as well as generates stats on over 10 billion page views per month.
Here's How Hackers Tried to Steal Bitcoins from Crypto Exchange
The "myaccount/withdraw/BTC" URI is solely associated amongst a gate.io webpage that offers users to brand Bitcoin withdrawals as well as transfers.
The malicious script was intended to supervene upon the goal Bitcoin address of transfers amongst an address belonging to the hackers.
"The script automatically replaces the goal Bitcoin address amongst an address belonging to the attackers, for example, 1JrFLmGVk1ho1UcMPq1WYirHptcCYr2jad," Faou explains inwards a report released Tuesday.
"The malicious server generates a novel Bitcoin address each fourth dimension a visitor loads the statconuter[.]com/c.php script. Thus, it is difficult to run across how many bitcoins accept been transferred to the attackers," he adds.
"As a novel Bitcoin address is generated each fourth dimension the malicious script is sent to the victim, nosotros were non able to run across how many bitcoins the attackers accept gathered."
Gate.io Removes StatCounter Following Security Breach
Attackers successfully breached StatCounter on Nov 3, as well as ESET notified the companionship on Nov v when it discovered the hack, which the safety theater labeled equally a "supply chain" assault because the malicious script has appeared on the service used yesteryear the target.
"Even if nosotros exercise non know how many bitcoins accept been stolen during this attack, it shows how far attackers larn to target i specific website, inwards particular, a cryptocurrency exchange," the researcher says.
StatCounter removed the malicious script on Nov 6, several hours earlier the Gate.io cryptocurrency telephone commutation platform stopped using the pop analytic service to preclude farther damage.
Gate.io likewise claimed the companionship after scanned its website amongst 56 antivirus products, as well as "no i reported whatsoever suspicious conduct at that time."
The telephone commutation likewise reported that its "users' funds are safe," but it did non discover how many customers who performed transfers betwixt Nov iii as well as half dozen had lost their funds, neither promised to reimburse those users.
Gate.io likewise urged its customers to maximize the safety levels on their accounts yesteryear enabling two-factor authentication (2FA) as well as two-step login protection.
