Monday, March 30, 2020

Cryptohackers Breach StatCounter to Steal Bitcoins


Hackers planted malware in StatCounter to steal Bitcoin income from account holders, according to Eset researcher Matthieu Faou, who discovered the breach.

The malicious code was added to the tracking script on the StatCounter site last weekend, he said Tuesday.

The malicious code hijacks all bitcoin transactions made via the web interface of the cryptocurrency exchange. It does not activate unless the page's link (URL) contains the path “myaccount / remove / BTC”.

The malicious code can secretly replace any bitcoin address that users enter on the page with an address managed by the attacker. Security experts consider this breach significant because many websites load the StatCounter tracking script.

“This security breach is very important if you consider that, according to StatCounter, more than 2 million websites use their analytical platform,” Faou told TechNewsWorld. “By modifying the analytic script injected into all of those 2 million websites, attackers were able to execute JavaScript code in the browser of all visitors to these websites.”

Limited purpose, broad potential

The attack is also important because it shows greater sophistication among hackers in the tools and methods used to steal cryptocurrency, said George Waller, CEO of BlockSafe Technologies.

Although this form of hijacking is not a new phenomenon, the way the code was inserted was.

The growth of the cryptocurrency market and of the emerging asset class has led hackers to increase their investment in attempts to steal it and to devise stronger methods. The malware used is nothing new, but the delivery method is.

“Since early 2017, cryptocurrency exchanges have suffered more than (US) $882 million stolen in targeted attacks on at least 14 trading funds. This trick adds one more to the list,” Waller told theinfovalley.

In this case, the attackers chose to target users of a major cryptocurrency exchange, Eset's Faou said. When a user submitted a bitcoin transfer, the attacker replaced the destination address in real time with an address under the attacker's control.

Attackers can reach a target by compromising a third party, a tactic known as a “supply chain attack.” They could have reached many more websites, Faou said.

“We identified different government websites using StatCounter. Therefore, this means that the attackers have targeted many interesting people,” he said.

Financial impact

Customers who initiated Bitcoin transactions during the attack are the most exposed to this breach. The malware hijacked the site user's legitimate authorization in order to change the destination address of bitcoin transfers, according to Paige Boshell, member of the Privacy Counsel transaction manager.

As a general rule, webmasters should limit to a minimum the number of third-party scripts, such as StatCounter, since each is a possible attack vector. For exchanges, additional confirmations of withdrawals would have been useful in this case, since the exploit involved the thieves swapping in their own address for the user's Bitcoin address.

“ has removed StatCounter, so this specific attack must be closed,” Boshell told theinfovalley.

The extent of the loss and exposure to fraud resulting from this breach is not yet quantifiable. The attackers used different addresses for the bitcoin transfers, Boshell added, noting that the attack could have been carried out to affect the use of StatCounter everywhere.

Protection Strategies Not Foolproof

StatCounter needs to improve its own code controls and constantly check that only authorized code is running on its network, suggested Joshua Marpet, COO of Red Lion. However, most users will not realize that StatCounter was the one that made the error.

“Blame, and everything that could happen: business loss, bank management, and even close their doors,” he told theinfovalley.

Checking the code is not always a feasible prevention plan. In this case, the malware code resembled the user manuals, Privacy Counsel’s Boshell noted.

“It was not easy to detect fraud tools used to protect and detect malware,” he said.

Network administrators are not really affected by this type of attack, as the malicious code runs on the workstation/laptop instead of on the web server, according to Brian Chappell, senior director of enterprise architecture and solutions at BeyondTrust. The code also provides no mechanism for gaining control of the system.

“In essence, many stars tuned to make this a significant risk in this regard,” he told TechNewsWorld. “Effective management of vulnerabilities and privileges naturally limits the consequences of a burglary.”

That is an area that administrators should look at. There is nothing they can do to control the initial attack, assuming that the targeted websites are accepted sites within their organization, Chappell said.

Even a well-secured website can be compromised through a compromised third-party script, Eset's Faou said.

“Therefore, webmasters must carefully choose the external JavaScript code that they are linking to and avoid using it if not needed,” he said.

One strategy is to search for scripts that replace one Bitcoin address with another, said Clay Collins, CEO of Nomics.

Using analytical services that have a good reputation for safety is part of it, he told TechNewsWorld.

“People with ad blockers / scripts were not vulnerable,” Collins said.
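One way to apply the strategy of searching scripts for Bitcoin address replacement, shown as an added example that is not code from the article, StatCounter or Eset: a static heuristic that flags a third-party script carrying a Bitcoin-format address, and rates it highest when the script also writes to form fields. The script bodies, the address and all names (`triageScript`, `SAMPLES`, `stats.example`) are constructed for illustration.

```javascript
'use strict';
// Added example: heuristic triage of third-party script source. Names are hypothetical.

// Legacy Base58 addresses (leading 1 or 3) and bech32 addresses (bc1...).
const BTC_ADDRESS =
  /\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b/g;
// Reads of the current page URL (needed to act on one page only).
const URL_READ = /\b(?:location\.(?:href|pathname)|document\.(?:URL|location))\b/;
// Writes into form fields, or programmatic form submission.
const FORM_WRITE = /\.value\s*=[^=]|setAttribute\(\s*['"]value['"]|\.submit\s*\(/;

function triageScript(name, source) {
  const addresses = [...new Set(source.match(BTC_ADDRESS) || [])];
  const findings = [];
  if (addresses.length > 0) findings.push('hardcoded-btc-address');
  if (URL_READ.test(source)) findings.push('reads-url');
  if (FORM_WRITE.test(source)) findings.push('form-write');
  // An analytics script has no reason to carry a payment address at all;
  // an address next to a form write is the replacement pattern itself.
  let severity = 'none';
  if (addresses.length > 0) {
    severity = findings.includes('form-write') ? 'high' : 'review';
  }
  return { name, severity, findings, addresses };
}

// Constructed inputs: a placeholder address and two made-up script bodies.
const SAMPLE_ADDR = '1SampAddrConstructedXXXXXXXXXXXXXX';
const SAMPLES = {
  'tracker-clean.js':
    'var siteId=1234567;var i=new Image();' +
    'i.src="https://stats.example/t?p="+siteId+"&u="+encodeURIComponent(document.URL);',
  'tracker-tampered.js':
    'var siteId=1234567;if(document.location.pathname.indexOf("/payout")>-1){' +
    'document.forms[0].elements["addr"].value="' + SAMPLE_ADDR + '";}',
};

function triageAll(samples) {
  return Object.entries(samples).map(([name, src]) => triageScript(name, src));
}

for (const r of triageAll(SAMPLES)) {
  console.log(r.severity.padEnd(6), r.name, r.findings.join(','));
}
```

A literal-address match only catches the plain case: packed or obfuscated scripts and addresses fetched at run time will not match, so pair it with change detection on the script file itself.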

More good practices

Traffic analysis, website scanning and code auditing are some of the tools that could have revealed that something was abnormal in the transactions and traffic, said Fausto Oliveira, chief security architect at OKselect. However, it would have been ideal to prevent the attack in the first place.

“If customers had an application that required strong out-of-band authentication above a certain amount, or when a transaction was addressed to an unknown recipient, then customers would have had the opportunity to block the transaction and gain an idea that something bad was going on,” Oliveira told theinfovalley.

The use of script-blocking add-ons such as NoScript and uBlock/uMatrix can put a certain amount of personal control into the hands of the website user. It makes surfing the web more challenging, said Raymond Zenkich, COO of BlockRe.

“But you can see which code is entered on a site and turn it off if it’s not needed,” he told theinfovalley.

“Web developers should stop placing third-party scripts on confidential pages and keep their users from wanting to make advertising, metrics, etc. money,” Zenkich said.

Watch out for something from third parties

As a rule, webmasters should minimize the number of third-party scripts, said Zenchain cofounder Seth Hornby, because each is a possible attack vector.

“For exchanges, additional confirmations of withdrawals would also be beneficial in this case, because the exploit involved the Bitcoin exchange address reported by the thieves,” he told theinfovalley.
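The additional withdrawal confirmation that Oliveira and Hornby describe, sketched as an added example that is not code from the article or from any exchange: the server holds a withdrawal when the recipient is unknown or the amount exceeds a limit, and the confirmation shows the address the server actually received. The class, field names, threshold and placeholder addresses are assumptions made for illustration.

```javascript
'use strict';
// Added example: hold risky withdrawals for out-of-band confirmation.
// Class, field names and the threshold are hypothetical.

const LIMIT_SAT = 50000000; // assumed policy: hold anything above 0.5 BTC

class WithdrawalGate {
  constructor(confirmedAddresses) {
    this.confirmed = new Set(confirmedAddresses); // approved by the user before
    this.held = new Map();                        // id -> withheld request
    this.nextId = 1;
  }

  // Receives the request as it reached the server, i.e. after any script
  // in the browser has had the chance to alter the destination address.
  submit({ address, amountSat }) {
    const reasons = [];
    if (!this.confirmed.has(address)) reasons.push('unknown-recipient');
    if (amountSat > LIMIT_SAT) reasons.push('over-limit');
    if (reasons.length === 0) return { status: 'released', address };
    const id = this.nextId++;
    this.held.set(id, { address, amountSat });
    // The second channel (mail, authenticator app) must show the address
    // the server holds, never a value rendered by the web page.
    return { status: 'held', id, reasons, showToUser: address };
  }

  // Answer from the second channel; authenticating it is assumed here.
  confirm(id, approved) {
    const request = this.held.get(id);
    if (!request) return { status: 'unknown-id' };
    this.held.delete(id);
    if (!approved) return { status: 'cancelled', address: request.address };
    this.confirmed.add(request.address);
    return { status: 'released', address: request.address };
  }
}

// Constructed scenario: the user typed ADDR_SAVED, the page sent another value.
function demo() {
  const gate = new WithdrawalGate(['ADDR_SAVED']);
  const normal = gate.submit({ address: 'ADDR_SAVED', amountSat: 10000000 });
  const swapped = gate.submit({ address: 'ADDR_SWAPPED', amountSat: 10000000 });
  const outcome = gate.confirm(swapped.id, false); // user spots the mismatch
  return { normal, swapped, outcome };
}

console.log(demo());
```

Because the recipient check does not depend on the amount, a swapped address is held even for a small withdrawal.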

Even third-party outsourcing solutions can open the door for cyber criminals, said Zhang Jian, founder of FCoin.

“Many companies within the cryptocurrency space rely on external companies for different tasks and assignments. Branching out this outsourcing is a loss of accountability. This puts many companies in a difficult place, unable to find attacks of this nature until it’s too late,” he told theinfovalley.

Instead, network administrators should work toward internal versions of their tools and products, from start to finish, Jian suggested, so that control of these security measures is in their own hands.
