AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
Summary
The AppsFlyer Web SDK was compromised in a supply-chain attack, with threat actors injecting malicious JavaScript code to steal cryptocurrency. This attack targeted users interacting with websites utilizing the AppsFlyer SDK, redirecting them to fake crypto exchange sites.
IFF Assessment
This attack highlights a successful supply-chain compromise that directly impacted users by stealing their funds, representing a significant win for attackers.
Defender Context
This incident underscores the critical importance of securing the software supply chain and monitoring third-party dependencies for malicious activity. Defenders should be vigilant about unexpected code changes or behaviors in SDKs and other integrated libraries, and consider implementing robust integrity checks and runtime monitoring.
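One form the integrity checks mentioned above can take, as an added example (not code from AppsFlyer or from any affected site): pin a reviewed third-party script by its Subresource Integrity digest, flag any served copy that no longer matches, and list external script tags that carry no pin at all. The script bodies, the `cdn.example.test` URLs and the function names are constructed for illustration.

```javascript
// Added example: SRI-style pinning check for third-party scripts (Node.js).
const { createHash } = require("node:crypto");

// Compute a Subresource Integrity value ("sha384-<base64>") for a script body.
function sriDigest(body, algo = "sha384") {
  return `${algo}-${createHash(algo).update(body).digest("base64")}`;
}

// Compare the body currently being served against the digest pinned at review time.
function checkPinned(name, body, pinned) {
  const actual = sriDigest(body);
  return { name, ok: actual === pinned, pinned, actual };
}

// List external <script src> tags that have no integrity attribute.
// Regex matching is approximate; a real audit should use an HTML parser.
function unpinnedScripts(html) {
  const found = [];
  for (const m of html.matchAll(/<script\b[^>]*\bsrc=["']([^"']+)["'][^>]*>/gi)) {
    const external = /^(https?:)?\/\//i.test(m[1]);
    if (external && !/\bintegrity=/i.test(m[0])) found.push(m[1]);
  }
  return found;
}

// Constructed sample data: the SDK body as reviewed, and the same body
// with extra code appended, standing in for an upstream modification.
const REVIEWED_SDK = "window.sdk=function(e){return e};";
const SERVED_SDK = REVIEWED_SDK + "/* unexpected appended code */";
const PINNED = sriDigest(REVIEWED_SDK); // recorded when the SDK was reviewed

// Constructed page: one unpinned external script, one pinned, one same-origin.
const SAMPLE_HTML = `
<script src="https://cdn.example.test/sdk.js"></script>
<script src="https://cdn.example.test/lib.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="/local/app.js"></script>`;

const drift = checkPinned("sdk.js", SERVED_SDK, PINNED);
if (!drift.ok) console.log(`ALERT ${drift.name}: expected ${drift.pinned}, got ${drift.actual}`);
console.log("Unpinned external scripts:", unpinnedScripts(SAMPLE_HTML));
```

A pin only holds for a script URL whose content is not supposed to change; if the vendor updates the file in place, the browser will refuse to run it until the pin is refreshed, so pinning usually goes together with a versioned URL or a self-hosted, reviewed copy.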