StatCounter Code Rewired to Steal Bitcoin

The popular real-time web analytics platform StatCounter, which tracks 10 billion page views per month across the two million websites that use it, has been hit with malware. Attackers injected malicious code into statcounter.com/counter/counter.js, a piece of JavaScript that StatCounter’s clients install on their sites to measure visitor traffic. The code is activated when the URL contains a particular Uniform Resource Identifier (URI): myaccount/pull back/BTC. It then replaces the destination Bitcoin address with an address belonging to the attacker. “The malicious server generates a new Bitcoin address each time a visitor loads the statconuter[.]com/c.php script. Thus, it is hard to see how many bitcoins have been transferred to the attackers.” StatCounter officials removed the script on Tuesday after Gate.io stopped using their service to prevent further damage.
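The second domain named above differs from the vendor's by two swapped letters. The following added example (not code from StatCounter, Gate.io or the original report) audits a third-party script's source for hosts outside an allowlist and marks near-misses of an allowed domain; the function names, the allowlist and the sample script are constructed for illustration.

```javascript
// Optimal-string-alignment distance: insert, delete, substitute, adjacent swap.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) =>
    Array.from({ length: b.length + 1 }, (_, j) => (i === 0 ? j : j === 0 ? i : 0)));
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // transposition
      }
    }
  }
  return d[a.length][b.length];
}

// Last two labels of a hostname (simplification: ignores suffixes like co.uk).
const baseDomain = (host) => host.toLowerCase().split('.').slice(-2).join('.');

// Return hosts referenced in `source` that are not allowlisted; lookalikeOf is
// set when the host is within maxDistance edits of an allowed domain.
function auditScriptHosts(source, allowedDomains, maxDistance = 2) {
  const text = source.replaceAll('[.]', '.'); // accept defanged indicators
  const hosts = new Set();
  for (const m of text.matchAll(/(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi)) {
    hosts.add(m[1].toLowerCase());
  }
  const findings = [];
  for (const host of hosts) {
    const base = baseDomain(host);
    if (allowedDomains.includes(base)) continue;
    const near = allowedDomains.find((ok) => osaDistance(base, ok) <= maxDistance);
    findings.push({ host, base, lookalikeOf: near ?? null });
  }
  return findings;
}

// Constructed sample for the audit, not the real tampered script.
const SAMPLE = `
var sc = document.createElement('script');
sc.src = 'https://www.statcounter.com/counter/counter.js';
var x = document.createElement('script');
x.src = 'https://www.statconuter[.]com/c.php';
`;
console.log(auditScriptHosts(SAMPLE, ['statcounter.com']));
```

Running the audit whenever a vendor script's content changes turns a one-letter swap that is easy to miss by eye into an explicit finding.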

Analyst Notes

When handling funds online, it is always advisable to use two-factor authentication (2FA) when it is offered. It is also a safe bet for users to research the website they plan to use to see whether it offers any kind of two-step login protection. Users should back up their bitcoin wallet as often as possible, keep online only the amount they need for trading, and use cold storage for the rest.