A breach was experienced on Nov 3 by Statcounter – a well-known web analytics platform – in which around 700,000 web pages were hacked, as their mean was to steal cryptocurrency via malicious script and exchange Gate.io to generate Bitcoin addresses, according to the researcher Matthieu Faou.
Faou identifies that the hacker was clever because of the malicious code in the middle rather than in the beginning or at the end of a legitimate file which is harder to detect by casual observation. Even though the Gate.io service claims it doesn’t use Statcounter anymore now but the hacker clearly leveraged his advantages.
It’s still unknown that how many end-users are affected but Gate.io said; after they got the notice from ESET; that there’s a suspicious behavior in Statcounter’s traffic they immediately scan the system by antivirus products along with that they also claim to remove the Statcounter’s services.
There is nothing much to fear because the malicious script would active only if URL or web pages contain myaccount/withdraw/BTC that allow the hacker to fill his pocket but Cryptocurrency focused hacks are not new as they famously occurred in the past, particularly with Adobe Flash installers.