Apologies for the necro, but this update involves "scam" and "Gate.io", although not in the original context.
Whether the MO of the method used and described below has any relationship to what is posted above (certainly an ingenious way to scam your customers, not that there's any proof of that) is another matter.
To quote liberally from
this news reportOne of the top traffic metrics websites on the internet is apparently being used by criminals to steal Bitcoins from a currency exchange.
Researchers at ESET have found that the JavaScript used by StatCounter's analytics platform has been modified by miscreants so that when embedded into the pages of Gate.io, a cryptocurrency exchange, it can siphon off alt-coins.
The ESET team today said that the crooks injected malicious code within statcounter.com/counter/counter.js, a piece of JavaScript that StatCounter's two million or so customers embed in their websites to measure their visitor traffic.
While millions of sites may have pulled in that modified code, however, it appears that just one site was the target. ESET's eggheads say the malicious code within the StatCounter script performs a single check for a specific path: myaccount/withdraw/BTC.
Lol, myaccount/withdraw/BTC.... no comment.
"It turns out that among the different cryptocurrency exchanges live at time of writing, only gate.io has a valid page with this URI," explained ESET malware researcher Matthieu Faou.
So therefore
Should that path be accessed by a visitor, a second script on a separate domain is fetched and executed. That script tries to redirect any Bitcoin transactions to one of several wallet addresses controlled by the masterminds of this attack.
ESET speculated that coin had been stolen
Even if we do not know how many Bitcoins have been stolen during this attack, it shows how far attackers go to target one specific website, in particular a cryptocurrency exchange
But Gate.io responded quite quickly yesterday, claiming all is good....
Statcounter is one of the top stats tools providers in the world. gate.io was using Statcounter's paid services for a few months.
On Nov. 6, 2018, we got the notice from ESET researcher's report and the "ESET Internet Security" product that there's a suspicious behavior in Statcounter's traffic stats service.
We immediately scanned it on Virustotal in 56 antivirus products. No one reported any suspicious behavior at that time, the report can be found at
https://www.virustotal.com/#/file/bb52c07e28f81ddcf5384249efc7a0b1c59a940be94b1d3d361472a338d695c3/detectionHowever, we still immediately removed the Statcounter's service. After that, we didn't find any other suspicious behaviors.
The users' funds are safe. To have the maximum security, please make sure you have two-factor authentication (Google OTP or SMS) and two-step login protected. We want to express our great appreciation and respect to the researcher from ESET Malware Researcher.
So, there we are....
This was a Public Service Post from tmfp.