Malicious software That Try to steal Bitcoins over 600,000 sites

Malicious software That Try to steal Bitcoins over 600,000 sites

Malicious software That Try to steal Bitcoins over 600,000 sites

Hackers interested in encrypted digital currencies hacked into one of the largest Web analytics platforms and services in order to get the Bitcoin encrypted digital currency from users of the exchange platform.According to security researcher Matthieu Faou, who discovered the hacker, the hackers inserted malicious code into the main JavaScript tracking file of the StatCounter platform, in order to steal any keystone transactions made through the Web interface of the exchange platform.

StatCounter is very similar to Google Analytics because it allows analysis of web traffic flowing through sites, and webmasters must add StatCounter platform code to their sites in order to get traffic tracking statistics and review the traffic log.The targeted attack resulted in malicious code being distributed in more than 688,000 Web sites. Hackers took advantage of this design to spread their malicious code as widely as possible, as the attack redirected Bitquin from encrypted digital currency traders, especially when users of the platform withdrew or transferred their own Bitquin currency.

The malicious code also replaces any home address entered in the tab with another title owned by the hackers.The security researcher also noted that the impact of malicious code has taken up nearly a million Web sites using the StatCounter platform analysis service, but the threat has focused entirely on the encrypted digital exchange platform, which currently deals with more than 1.7 million dollars of the currency of Daily.

Malicious code does nothing unless the link contains the specified string "myaccount / withdrawal / BTC".Matthew Faow explained that the platform is the only site that uses a URL containing this string. Although the security breach lasted only a few days, it was difficult to determine how many people were affected by the attack, or how much money the hackers could get.

The script automatically creates a new homeowner address each time it is run, which greatly limits the ability to link your homeowner transactions together in a clear way.The exchange platform, currently 39th in line with CoinMarketCap, said it would remove StatCounter from its Web site completely, and urged users to enable dual authentication and two-step login protection.

Post a Comment