PANews reported on November 28 that SlowMist founder Yu Xian disclosed an XSS attack on the crypto industry on the X platform. The attacker exploited the XSS vulnerability of the crypto media Cointelegraph website to trick the target user into opening the Cointelegraph official website link (with an XSS malicious script), and then: the malicious script was loaded and executed; the address bar was set to a suspicious address (I thought it was an unreleased official draft); then the fake Sign in with X box popped up; after clicking Sign in with X, the third-party application authorization of X was opened, and a large blank was left in the permission list. If you didn't notice and clicked on the authorization, your X-related permissions would be taken over by the attacker. This kind of phishing with a little vulnerability exploitation is even more difficult for the general public to guard against, so you need to pay more attention.
SlowMist: Attackers exploited XSS vulnerability on Cointelegraph website to conduct phishing
Comment
Recommend Reading
2024-11-27U.S. Secretary of Commerce: Progress has been made in promoting AI safety over the past year
2024-11-278 Legal Issues Web3 Entrepreneurs Need to Pay Attention to
SlowMist: Sui ecological project OceansGallerie has high risks, and the token price fell dozens of times within a week of issuance
SlowMist Yuxian: Beware of poisoning attacks by hacker groups targeting the Crypto industry and take good security measures
2024-11-26RWA: Make Web3 Great Again
2024-11-26The "Chinese Story" at the Beginning of Ethereum
