Hackers managed to embed malicious code into the main script that tracks website traffic. Ordinarily that would be nothing major, but not in this case. This time it concerns StatCounter, one of the largest suppliers of analytical tools and software for monitoring traffic statistics in the USA. In this way, the attackers managed to infect nearly 700,000 pages. However, the real target was only one specific domain: Gate.io, a cryptocurrency exchange that currently supports Bitcoin worth more than 1.7 million US dollars. It is not known, however, how much the thieves were able to steal. Although the malicious code was first added to the StatCounter script over the weekend, it has not yet been completely removed.
StatCounter is a tool similar to the popular Google Analytics. It enables the analysis of internet traffic flowing through websites. Webmasters must add special StatCounter code to their sites to collect statistics, and this is the element the hackers used to spread the malicious code. Because attacking Gate.io directly was not possible, the attackers infected the code intended for all StatCounter users. During the attack, the exploit redirected Bitcoins to the attackers’ own accounts.
For a transaction to be affected, its link must contain the string “myaccount/withdraw/BTC”. “The attacker modified the script at www.statcounter[.]com/counter/counter.js, adding a piece of malicious code in the middle of the script. The code injected into the middle of an existing script is usually more difficult to detect by accidental observation,” explains Matthieu Faou, a specialist in malware and hacking attacks who described the whole matter. Gate.io announced that it will completely remove StatCounter from its website. It also urged users to enable two-factor authentication and two-step login protection.
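Because an insertion in the middle of a script is easy to miss by eye, a site that embeds a third-party script can compare each fetched copy against a pinned baseline and have the changed region located automatically. The following is an added example, not code from StatCounter, Gate.io or the researcher; the script contents, the `auditScript` helper and the list of sensitive paths are constructed for illustration.

```javascript
const { createHash } = require("node:crypto");

// Constructed stand-in for a reviewed vendor script; not StatCounter's real code.
const BASELINE = [
  "var sc_project = 0;",
  "function sc_count(url) { return 'hit:' + url; }",
  "function sc_send(u) { return sc_count(u); }",
  "sc_send(document_url);",
].join("\n");

// The same script with one constructed line inserted in the middle.
const FETCHED = [
  "var sc_project = 0;",
  "function sc_count(url) { return 'hit:' + url; }",
  "if (document_url.indexOf('myaccount/withdraw/BTC') > -1) { extra(); }",
  "function sc_send(u) { return sc_count(u); }",
  "sc_send(document_url);",
].join("\n");

// Paths on our own site that an analytics script has no reason to mention (assumed list).
const SENSITIVE_PATHS = ["myaccount/withdraw/BTC"];

// Digest in the format used by the HTML integrity attribute (Subresource Integrity).
function sriDigest(source) {
  return "sha384-" + createHash("sha384").update(source, "utf8").digest("base64");
}

// Trim the common prefix and suffix of both versions; what remains of the
// fetched copy is the changed region, wherever in the file it sits.
function changedLines(pinned, fetched) {
  const a = pinned.split("\n");
  const b = fetched.split("\n");
  let start = 0;
  while (start < a.length && start < b.length && a[start] === b[start]) start++;
  let endA = a.length;
  let endB = b.length;
  while (endA > start && endB > start && a[endA - 1] === b[endB - 1]) { endA--; endB--; }
  return b.slice(start, endB).map((text, i) => ({ line: start + i + 1, text }));
}

// Compare a fetched copy with the pinned one and report what changed.
function auditScript(pinned, fetched) {
  const pinnedDigest = sriDigest(pinned);
  const modified = sriDigest(fetched) !== pinnedDigest;
  const changes = modified ? changedLines(pinned, fetched) : [];
  const sensitiveHits = SENSITIVE_PATHS.filter((p) => fetched.includes(p));
  return { pinnedDigest, modified, changes, sensitiveHits };
}

console.log(auditScript(BASELINE, FETCHED));
```

A pinned digest is only practical when the script is self-hosted or version-pinned, since a file the vendor updates in place changes legitimately as well.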