Hackers abused StatCounter and infected nearly 700,000 websites

Hackers who use cryptographic currency have hacked into one of the most widely used services for traffic analytics. They abuse StatCounter in an attempt to steal bitcoin from the users of online stock exchange Gate.io. More than 688,000 websites were affected by the attack.

That’s what the ZDNet site reports today. It is said that 688,000 websites have been found that download the malware script. StatCounter works a bit like Google Analytics and offers the user a comprehensive analysis of the internet traffic.

Million sites

Webmasters must add special StatCounter code to their site to get the statistics. This design aspect seems to have been abused by the hackers, who quickly spread their malware. The attack rerouted the bitcoin of traders in cryptographic currency. Most users of Gate.io who recorded or overbooked their bitcoin were affected. The code simply replaced any bitcoin address that appeared on a page with a hacker’s address.

ESET security researchers discovered the exploit and called it a supply chain attack. According to the researchers, almost a million websites were affected. But the threat seems to be focused on only one domain: Gate.io. It processes USD 1.7 million in bitcoin transactions every day. According to ESET, the malware basically does nothing unless the link contains this specific string: myaccount/withdraw/BTC. The site Gate.io is the only site with a URL that contains a sun string.

Despite the fact that the security breach lasted several days, it is not certain how many people were affected by the attack. Also, it is not certain how much money the hackers have captured. ESET states that the script automatically generated a new bitcoin address each time it was running. This makes it difficult to trace bitcoin transactions, and the identity of the hackers is almost impossible to determine.

Gate.io will completely remove StatCounter from its site. It advises users to use two-stage paint and two-stage login protection.