Thursday, November 8, 2018

What is the impact of the malicious JavaScript code injection into StatCounter’s URI among cryptocurrency exchanges?

Colleagues, the world’s thirty-eight largest crypto exchange Gate.io was successfully hacked via the injection of code into StatCounter’s URI “myaccount/withdraw/BTC”. Reported by security firm ESET WeLiveSecurity indicated that although Gate.io is the only known crypto exchange effected, all of StatCounter’s some 2 million customer sites are at risk. For readers with a programming background the code was injected via the Dean Edwards JS packer in the middle of the script. We assume that economic gain is the chief motive although the ESET report did not provide corroborating details. This cyber-attack raises two questions. First, how susceptible are URIs (uniform resource identifiers) to injections via the Dean Edwards packer? And second, how many more web sites which use StatCounter – a competitor to Google Analytics – are effected? We will continue to research answers to both questions. Share a comment today! Lawrence – Cryptocurrency Academy (https://cryptocurrencyacademy.blogspot.com/

No comments:

Post a Comment