Skip to main content

Nearly 700,000 websites are hacked in bid to steal cryptocurrency

pwstudio/123RF

Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script.

Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money.

“Attackers modified the script at www.statcounter[.]com/counter/counter.js by adding a piece of malicious code. … In the middle of the script. This is unusual, as attackers generally add malicious code at the beginning, or at the end, of a legitimate file. Code injected into the middle of an existing script is typically harder to detect via casual observation,” explains Faou.

The breach was pretty clever and is still live, as all websites running Statcounter need to add a specific code to a website in order to grab more information about users. Hackers clearly leveraged that to their advantage even though the Gate.io service used in the script now claims it doesn’t use Statcounter anymore.

It is still unknown how many end users were truly impacted by this attack, or how much money hackers made. Statcounter has yet to issue a public response, but Gate.io issued a lengthy statement on its website.

“On Nov. 6, 2018, we got the notice from ESET researcher’s report and the “ESET Internet Security” product that there’s a suspicious behavior in Statcounter’s traffic stats service. We immediately scanned it on Virustotal in 56 antivirus products. No one reported any suspicious behavior at that time. …  However, we still immediately removed the Statcounter’s service. After that, we didn’t find any other suspicious behaviors. We want to express our great appreciation and respect to the researcher from ESET Malware Researcher,” said Gate.io.

Cryptocurrency hacks are becoming more common as Bitcoin and Ethereum pick up value. The hack also raises concerns about the nature of external Javascript, since it can easily be modified. Similar cryptocurrency focused hacks have occurred in the past, particularly with Adobe Flash installers.

Editors' Recommendations

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Best router deals: Save on mesh networks and Wi-Fi 6 routers
The Netgear Nighthawk AXE11000 Tri-Band Wi-Fi 6E Router on a table.

Strangely enough, routers have had a huge technological bump in the last few years due to the number of devices that need to be connected to the internet. That's one of the main aspects of the new Wi-Fi 6, a standard that not only increases speeds and quality of the connection but addresses the issue with ten devices or more needing to connect to the internet constantly without impacting quality. To that end, if you haven't upgraded your router or mesh network in three to five or more years but are increasingly buying more smart-home products, grabbing a modern router with the latest technology is probably a good idea.

Best Router Deals

Read more
Intel says AMD’s Ryzen 7000 is snake oil
AMD CEO Lisa Su holding an APU chip.

In what is one of the most bizarrely aggressive pieces of marketing material I've seen, Intel is comparing AMD's Ryzen 7000 mobile chips to snake oil. Over the weekend, Intel posted its Core Truths playbook, which lays out how AMD's mobile processor naming scheme misleads customers.

There's an element of truth to that, which I'll get to in a moment, but first, the playbook. Intel starts with claiming that there's a "long history of selling half-truths to unsuspecting customers" alongside images of a snake oil salesman and a suspicious used car seller. This sets up a comparison between the Ryzen 5 7520U and the Core i5-1335U. Intel's chip is 83% faster, according to the presentation, due to the older architecture that AMD's part uses.

Read more
Don’t miss these deals on the Meta Quest 2 and Meta Quest Pro
A model poses with a Meta Quest Pro over a colorful background.

Meta isn’t just the parent company of Facebook, it’s also become a pioneer in the new wave of virtual reality. It has a lineup of virtual reality headsets to shop, and a couple of them are seeing deals today. Both the Meta Quest 2 and the Meta Quest Pro have their price dropped at Best Buy, with the more affordable Quest 2 seeing a sale price of $250 and the high-end Quest Pro discounted to $924. Best Buy is including free shipping with a purchase of either VR headset.
Meta Quest 2 VR headset — $250, was $300

The Meta Quest 2 isn’t the newest Meta Quest on the market, but it holds up really well when it comes to offering an immersive virtual experience. It has a super fast process and a high resolution display, both of which manage to handle the strains of virtual reality processing. The experience remains seamless and smooth even with more current software. If you want something brand new, the Meta Quest 3 is on the market, but both the Meta Quest 3 and Quest 2 offer total immersion with 3D positional audio, hand tracking, and haptic feedback that makes virtual worlds feel real. With the Meta Quest 2 you can explore more than 250 software titles across categories like gaming, fitness, socials and entertainment.

Read more