700,000 infected pages. The target of the attack: Gate.io, a Bitcoin exchange

Hackers managed to embed malicious code into the main script of a service that tracks website traffic. That might sound like nothing major, but not in this case. This time it concerns StatCounter, one of the largest suppliers of analytical tools and software for monitoring traffic statistics in the USA. In this way, the attackers managed to infect nearly 700,000 pages. However, the real target was only one specific domain: Gate.io, a cryptocurrency exchange that currently handles Bitcoin worth more than 1.7 million US dollars. It is not known, however, how much the thieves were able to steal. Although the malicious code was first added to the StatCounter script over the weekend, it has not yet been completely removed.

StatCounter is a tool similar to the popular Google Analytics. It enables the analysis of internet traffic flowing through websites. Webmasters must add special StatCounter code to their sites to collect statistics, and this is the element the hackers used to spread the malicious code. Since attacking Gate.io directly was not possible, the attackers infected the code served to all StatCounter users. During the attack, the exploit redirected Bitcoins to the attackers’ own accounts.

The malicious code acts only when the link (URL) of the page contains the string “myaccount/withdraw/BTC”. “The attacker modified the script at www.statcounter[.]com/counter/counter.js, adding a piece of malicious code in the middle of the script. The code injected into the middle of an existing script is usually more difficult to detect by accidental observation,” explains Matthieu Faou, a specialist in malware and hacking attacks who described the whole matter. Gate.io announced that it will completely remove StatCounter from its website. It also urged users to enable two-factor authentication and two-step login protection.


Matthieu Faou says that “even if we don’t know how many bitcoins were stolen during this attack, we saw how far hackers could go to attack a particular website, in particular the cryptocurrency exchange.” To achieve this, they broke into an analytics service website that is used by over two million other websites, including several government-related websites. “It also makes you aware that even if your site is updated and well protected, its weakest link is still vulnerable. In this case it was an external resource. This is another reminder that external JavaScript code is under third party control and can be modified at any time without notice,” adds Matthieu Faou.
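
One way to act on that last point, as an added example that is not part of the original article or of StatCounter's or Gate.io's code: pin a digest of the third-party script at review time and, when the served copy differs, locate the inserted region. The script bodies, function names and the inserted marker line below are constructed for illustration.

```javascript
const { createHash } = require("node:crypto");

// SRI-style digest ("sha384-<base64>"), the format used by <script integrity="...">.
function sriDigest(body) {
  return "sha384-" + createHash("sha384").update(body, "utf8").digest("base64");
}

// Locate the changed region by trimming the common prefix and suffix.
function changedRegion(baseline, current) {
  let start = 0;
  const max = Math.min(baseline.length, current.length);
  while (start < max && baseline[start] === current[start]) start++;
  let endB = baseline.length, endC = current.length;
  while (endB > start && endC > start && baseline[endB - 1] === current[endC - 1]) {
    endB--; endC--;
  }
  return { offset: start, removed: baseline.slice(start, endB), added: current.slice(start, endC) };
}

// Compare a fetched script body against the digest pinned at review time.
function checkScript(pinnedDigest, baseline, current) {
  const digest = sriDigest(current);
  if (digest === pinnedDigest) return { changed: false, digest };
  const region = changedRegion(baseline, current);
  // Flag added logic that keys on the page address, the pattern the article describes.
  const urlConditional = /document\.location|window\.location|location\.href/.test(region.added);
  return { changed: true, digest, region, urlConditional };
}

// Constructed sample data (not the real counter.js): a reviewed copy and a
// copy with a harmless marker line inserted in the middle.
const REVIEWED = [
  "var sc_counter = (function () {",
  "  function collect() { return { w: screen.width, r: document.referrer }; }",
  "  function send(d) { new Image().src = '/t.php?w=' + d.w; }",
  "  return { run: function () { send(collect()); } };",
  "})();",
].join("\n");
const INSERTED = "  if (String(document.location).indexOf('myaccount/withdraw/BTC') > -1) { /* added logic */ }\n";
const marker = REVIEWED.indexOf("  function send");
const TAMPERED = REVIEWED.slice(0, marker) + INSERTED + REVIEWED.slice(marker);
const PINNED = sriDigest(REVIEWED);

console.log(checkScript(PINNED, REVIEWED, REVIEWED).changed);
console.log(checkScript(PINNED, REVIEWED, TAMPERED));
```

The digest has the same form as a `<script integrity>` value, so a self-hosted, reviewed copy of a script can be pinned in the page with it.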

