Threat Watch

Twilio Javascript SDK Modified to Serve Keitaro TDS

Twilio, which provides APIs for a variety of communication servers, recently confirmed with The Register that attackers accessed their Amazon S3 bucket and inserted some malicious JavaScript into their TaskRouter SDK JavaScript code. TaskRouter SDK is used to route business communications requests to Twilio’s TaskRouter Platform. The inserted code connected to a domain owned by Keitaro Traffic Distribution System (TDS), and received some malicious advertising (malvertising) links, which are common to Keitaro.

ANALYST NOTES

Twilio has published an incident report on the issue, which can be read here: https://www.twilio.com/blog/incident-report-taskrouter-js-sdk-july-2020 . They are also urging all users who downloaded TaskRouter JS SDK v1.20 between July 19th and July 20th 2020, to re-download the SDK immediately.

https://www.theregister.com/2020/07/21/twilio_javascript_sdk_code_injection/