lazarusholic

Supply-chain attack on cryptocurrency exchange gate.io

2018-11-06, ESET
https://www.welivesecurity.com/2018/11/06/supply-chain-attack-cryptocurrency-exchange-gate-io/
#Gateio

Contents

[Update on Wednesday, November 7] On November 6, StatCounter removed the malicious script. Several hours before, Gate.io stopped using StatCounter analytics services to prevent further infections. Thus, this incident is now resolved and both websites can be browsed safely.

On November 3, attackers successfully breached StatCounter, a leading web analytics platform. This service is used by many webmasters to gather statistics on their visitors – a service very similar to Google Analytics. To do so, webmasters usually add an external JavaScript tag incorporating a piece of code from StatCounter – www.statcounter[.]com/counter/counter.js – into each webpage. Thus, by compromising the StatCounter platform, attackers can inject JavaScript code into all websites that use StatCounter.

According to their website, StatCounter has more than 2 million member sites and it computes stats on more than 10 billion page views per month. This information is in line with its Alexa rank being a bit above 5000. For …

IoC

http://statcounter.com/counter/counter.js
http://statconuter.com/c.php