Home > Quick > Body

Slow Mist Cosine: Attackers use the XSS vulnerability of the Cointelegraph website to trick target users into opening the Cointelegraph official website

clock
2024-11-28 01:16:58
Slow Mist founder Cosine X issued a statement saying that the attacker used the XSS vulnerability of the Cointelegraph website to trick the target user to open the Cointelegraph official website (with XSS malicious script), so:
- malicious script loading execution;
- The address bar is set to https://cointelegraph [.] com/not-public/drafts/article-1033 at first glance, I thought it was an official unpublished draft;
- Sign in with X box;
- After clicking Sign in with X, open X's third-party app authorization, and leave a large blank in the permission list. If you don't pay attention to clicking authorization at this time, the relevant permissions of the X platform will be taken over by the attacker.
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
New Tab Page - Desk3 | Plugin
Stay ahead of the game in the cryptocurrency space.