Skip to main content

Nearly 700,000 websites are hacked in bid to steal cryptocurrency

pwstudio/123RF

Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script.

Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money.

Related Videos

“Attackers modified the script at www.statcounter[.]com/counter/counter.js by adding a piece of malicious code. … In the middle of the script. This is unusual, as attackers generally add malicious code at the beginning, or at the end, of a legitimate file. Code injected into the middle of an existing script is typically harder to detect via casual observation,” explains Faou.

The breach was pretty clever and is still live, as all websites running Statcounter need to add a specific code to a website in order to grab more information about users. Hackers clearly leveraged that to their advantage even though the Gate.io service used in the script now claims it doesn’t use Statcounter anymore.

It is still unknown how many end users were truly impacted by this attack, or how much money hackers made. Statcounter has yet to issue a public response, but Gate.io issued a lengthy statement on its website.

“On Nov. 6, 2018, we got the notice from ESET researcher’s report and the “ESET Internet Security” product that there’s a suspicious behavior in Statcounter’s traffic stats service. We immediately scanned it on Virustotal in 56 antivirus products. No one reported any suspicious behavior at that time. …  However, we still immediately removed the Statcounter’s service. After that, we didn’t find any other suspicious behaviors. We want to express our great appreciation and respect to the researcher from ESET Malware Researcher,” said Gate.io.

Cryptocurrency hacks are becoming more common as Bitcoin and Ethereum pick up value. The hack also raises concerns about the nature of external Javascript, since it can easily be modified. Similar cryptocurrency focused hacks have occurred in the past, particularly with Adobe Flash installers.

Editors' Recommendations

Resident Evil 4 Remake PC: best settings, ray tracing, FSR, and more
Leon parries a chainsaw villager in Resident Evil 4.

Resident Evil 4 Remake is undoubtedly one of the most visually impressive PC releases we've seen in the past few years. Leveraging the highly scalable RE Engine, the game looks great while accommodating a wide range of hardware. In this guide, we're going to help you find the best settings.

In addition to the flexible engine, Resident Evil 4 Remake includes upscaling options and ray tracing to push high-end rigs to their limit. I've spent a few hours testing the game to dig into how ray tracing performs, what the best settings are, and what you can expect out of upscaling.
Best settings for Resident Evil 4 Remake

Read more
This Lenovo 2-in-1 laptop just had its price cut to $630
lenovo ideapad flex 5 laptop deal walmart black friday sale 2020

If you want a laptop but also love the convenience and flexibility of a tablet, consider buying a 2-in-1. These are great combo devices that work exactly like both devices, saving you the money and hassle of buying both. You can save even more money if you shop Lenovo's 2-in-1 laptop deals. Right now the Lenovo IdeaPad Flex 5 is $298 off. You can grab it for only $632 instead of its usual $930. Let us tell you why we love it.

Why you should buy the Lenovo IdeaPad Flex 5
Lenovo's IdeaPad line of laptops offers budget and midrange devices, according to our explainer on the different Lenovo brands, and the Lenovo IdeaPad Flex 5 builds upon it by adding various forms to use in different situations. The device features 360-degree hinges connecting its 14-inch Full HD touchscreen to its body, so you can switch from laptop mode to tablet mode by folding the display all the way back. You can also use it in tent mode, where the screen is propped up by the body, and in stand mode, where the keyboard is facing down and flat on your desk so you can focus on what's on the screen.

Read more
Best Buy is having a clearance sale on gaming laptops — from $580
Asus ROG Zephyrus G14 2023 front view showing display and keyboard deck.

Best Buy is having a ton of great gaming laptop deals this weekend. Everything from budget HP laptops to high-end Alienware devices are getting big price cuts. We've picked out our favorites below. Don't expect these deals to stick around all weekend though -- grab them while they're still available.
HP Victus Gaming Laptop -- $580, was $800

The HP Victus gaming laptop appears in our list of the best gaming laptops as a great budget option, because you'll be able to play the best PC games with its 12th-generation Intel Core i5 processor, Nvidia GeForce GTX 1650 graphics card, and 8GB of RAM -- though you may have to choose the lowest settings for some of the more demanding titles. The gaming laptop features a 15.6-inch screen with Full HD resolution and a 144Hz refresh rate, and a 512GB SSD with Windows 11 Home pre-installed.

Read more