Third-party JavaScript Abused To Steal Money From Cryptocurrency Exchange Users

Researchers at cyber security company ESET discovered that a website analytics platform was compromised in early November. Attackers were able to modify a JavaScript plugin used by websites to track visitor statistics.  

Although this allowed a malicious script to be injected into all websites that use the plugin, the attackers only targeted a specific Cryptocurrency exchange. The plugin was modified to include a component that checked for a specific identifier for the exchange’s withdrawal page. If detected, a second script replaced the victim’s intended destination Bitcoin addresses with one used by the attackers.  

While the total losses from this attack are unknown, the incident highlights the risks associated with using third party scripts on pages where financial data is input, transactions are made, or other sensitive data is processed. Malicious injection of JavaScript via third-party code has also been used to harvest payment card data from online checkout pages through a technique widely referred to as “MageCart”.  

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: