StatCounter has been hacked

ESET specialists discovered the hacking of one of the world's largest web analytics services StatCounter. According to PublicWWW, StatCounter scripts are used by over 688,000 resources. But for operators of all these sites are still too early to panic. The fact is that the counter was compromised solely for the sake of an attack on the cryptocurrency exchange Gate.io.

According to the researchers, unknown attackers embedded malicious code into the StatCounter script, with which they were able to intercept Bitcoin transactions in the exchange's web interface. The fact is that JavaScript is the cornerstone of StatCounter. As in the case of Google Analytics, companies upload the script to their sites and get the opportunity to track visits and traffic history.

Worse, ZDNet reported that it was not possible to quickly contact the developers of StatCounter, and the statcounter [.] Com / counter / counter.js file remained compromised even after ESET specialists released information about the incident.

Analysts write that the script was compromised on November 3, 2018. With the help of a modified script, the attackers replaced any Bitcoin addresses entered by users on their own, which eventually left the money. It is not possible to calculate the amount of funds stolen during the attack and number of the affected users yet.

Source: xakep.ru