JavaScript attack aimed to reroute bitcoin transactions

A newly identified JavaScript vulnerability in StatCounter, a popular web analytics platform, allowed hackers to attempt to re-route bitcoin transfers associated with a specific cryptocurrency exchange. Attackers were able to inject a piece of their own code into JavaScript associated with StatCounter’s system, according to research from ESET. The malicious code searches for URLs that contain “myaccount/withdraw/BTC,” with the intention of replacing the destination address of transfers with an address belonging to the attackers, ESET reports. The attack target appears to be cryptocurrency trading site Gate.io, the report says, given that it is the only one that uses the “myaccount/withdraw/BTC” Uniform Resource Identifier (URI). “The users’ funds are safe,” Gate.io said, but it urged customers to maximize the security levels on their accounts. ESET said it notified the company as soon as it discovered the hack, which it labeled as a “supply chain” attack, given where the malicious code appeared. The company said Wednesday that it has stopped […]

The post JavaScript attack aimed to reroute bitcoin transactions appeared first on Cyberscoop.

Continue reading JavaScript attack aimed to reroute bitcoin transactions