SlowMist's Cosine: Attackers use an XSS vulnerability on the Cointelegraph website to trick target users into opening the official Cointelegraph website
2024-11-28 09:16:58
SlowMist founder Cosine issued a statement on X saying that the attacker used an XSS vulnerability on the Cointelegraph website to trick the target user into opening the official Cointelegraph website (carrying the malicious XSS script), after which:
- the malicious script loads and executes;
- the address bar is set to https://cointelegraph[.]com/not-public/drafts/article-1033; at first glance, I thought it was an official unpublished draft;
- a "Sign in with X" box is shown;
- after clicking "Sign in with X", X's third-party app authorization page opens, with a large blank space left in the permission list. If you click authorize at this point without paying attention, the relevant permissions on the X platform will be taken over by the attacker.