Slow Mist founder Cosine X issued a statement saying that the attacker used the XSS vulnerability of the Cointelegraph website to trick the target user to open the Cointelegraph official website (with XSS malicious script), so:
- malicious script loading execution;
- The address bar is set to https://cointelegraph [.] com/not-public/drafts/article-1033 at first glance, I thought it was an official unpublished draft;
- Sign in with X box;
- After clicking Sign in with X, open X's third-party app authorization, and leave a large blank in the permission list. If you don't pay attention to clicking authorization at this time, the relevant permissions of the X platform will be taken over by the attacker.
Slow Mist Cosine: Attackers use the XSS vulnerability of the Cointelegraph website to trick target users into opening the Cointelegraph official website
2024-11-28 01:16:58
SlowMist founder human cosine post representation attacker exploit cointelegraph websitedesk3cryptocurrencydesktopCrypto News
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
慢雾余弦:攻击者利用Cointelegraph网站的XSS漏洞,诱骗目标用户打开Cointelegraph官网链接Next article:
Robinhood为欧洲用户推出以太坊质押服务