Steemit got hacked!

in steemit •  25 days ago  (edited)

It looks like some malicious Ads made it into the Ad network used by steemit.com.

See this old article for a very similar issue on a different site: https://www.rollcall.com/news/politics/no-you-didnt-win-a-1000-amazon-gift-card-heres-why-you-saw-a-weird-pop-up-ad-on-rollcall-com

A few seconds after loading https://steemit.com, Steemit gets redirected to this page:

https://amazon.com-gift-winner.vip/amazongiftus/index.html?model=iPhone&brand=Apple&region=Florida&city=Jacksonville
---> DO NOT OPEN, IT'S A PHISHING SITE

Apologies for the title, which is a bit clickbait, but I believe that this is worth immediate attention!!

I tried the site in a sandbox and it asks victims for lots of personal information (name, address, phone number, many questions regarding job and health insurance) and eventually a credit card number or registration to other well-known services (in order to steal those credentials).

This is what the phishing page looks like:

I am able to reproduce this issue on an iPhone 6, an iPhone XR emulator and an iPhone X emulator run locally on my machine. Reproduced both on Safari and Chrome.

This issue is not reproducible on Android or Desktop browsers.

I am trying to inspect the source code to understand where this is coming from but so far I'm not able to stop the redirection in order to inspect the code.

Since it's not possible to override the window.location behavior, I tried disabling tab close and page redirections using the following code in the browser console right after loading steemit.com:

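// window.location.href = 'https://steemit.com'
// Resolve after ms milliseconds.
const nap = ms => new Promise(res => setTimeout(res, ms));

// Re-install an onbeforeunload handler every 100 ms, in case another
// script on the page replaces it before the navigation starts.
const forceOverride = async () => {
  while (true) {
    const confirmExit = () => "You have attempted to leave this page. Are you sure?";
    window.onbeforeunload = confirmExit;
    await nap(100);
  }
};
forceOverride();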

...but it does not do the trick; the page still gets redirected.

I'm only able to prevent the redirection if I disable the wifi right after loading the steemit page. But doing so I have no luck in finding the culprit ad in the scripts and page. It likely does not load in time, otherwise the redirection would take place.

Looking at the network requests, the domains that get loaded right before the redirection are:

m.servedby-buysellads.com, cdn-s2s.buysellads.net, consent.cookiebot.com, securepubads.g.doubleclick.net, s2.adform.net, adservice.google.com, use-tor.adsrvr.org, track.adform.net, cdn4.buysellads.net



PS. A similar issue was reported 5 months ago: https://steemit.com/steem/@schlafhacking/caution-malware-ads-on-steemit-condenser


How many users are still affected by this problem?

If you are among those and you are reading this post in another browser, try the following to solve the issue:

  • Clear your cookies, cache, and browser history
  • Install an Ad blocker
  • Restart your device

NOTE: If you do not install an ad blocker, these steps will work only after the malicious ad gets successfully located and removed by Steemit Inc.

Alternatively, use the Brave browser, which blocks ads by default and offers better security.
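The triage described in the post (which third-party hosts were requested just before the page left steemit.com, and why the destination is not an Amazon host) can be scripted over an exported request log. This is an added example, not code from the original post; the log entries, their timestamps and ordering, and the `t` / `topLevel` field names are constructed assumptions.

```javascript
// Constructed sample: request log for one page load (t = ms since load).
// Hosts come from the post; timestamps, order and paths are illustrative.
const SAMPLE_LOG = [
  { t: 0,    url: "https://steemit.com/", topLevel: true },
  { t: 400,  url: "https://consent.cookiebot.com/" },
  { t: 900,  url: "https://cdn4.buysellads.net/" },
  { t: 2100, url: "https://securepubads.g.doubleclick.net/" },
  { t: 2600, url: "https://track.adform.net/" },
  { t: 2650, url: "https://steemit.com/" },
  { t: 3000, url: "https://amazon.com-gift-winner.vip/amazongiftus/index.html", topLevel: true },
];

const hostOf = (url) => new URL(url).hostname;

// True when host is `domain` itself or a subdomain of it (label-boundary match).
const belongsTo = (host, domain) => host === domain || host.endsWith("." + domain);

// First top-level navigation that leaves the first-party site, or null.
function findRedirect(log, firstParty) {
  return log.find((e) => e.topLevel && !belongsTo(hostOf(e.url), firstParty)) || null;
}

// Third-party hosts requested within windowMs before the redirect, most recent first.
function suspectsBeforeRedirect(log, firstParty, windowMs) {
  const redirect = findRedirect(log, firstParty);
  if (!redirect) return [];
  const seen = new Set();
  return log
    .filter((e) => !e.topLevel && e.t < redirect.t && e.t >= redirect.t - windowMs)
    .sort((a, b) => b.t - a.t)
    .map((e) => hostOf(e.url))
    .filter((h) => !belongsTo(h, firstParty) && !seen.has(h) && seen.add(h));
}

// A host that contains the brand's domain as text without being under it is a lookalike.
function isLookalike(host, brandDomain) {
  return host.includes(brandDomain) && !belongsTo(host, brandDomain);
}
```

The resulting list only narrows the candidates to review; being requested shortly before the redirect does not by itself show which ad script triggered it.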


While I don't like the title for being too clickbaity and not precise, the first sentence clarifies things. Thanks for the heads up.

UPDATE: It looks like the vulnerability is now patched.

Awesome response time guys! =]

Good catch.

Yeah, happened to me too last night from my iPhone X!!

test

The issue is still occurring in Safari and Chrome on iOS.
I have now reported the issue to Amazon on their dedicated section.

Thanks

Thanks for the warning.
The phishing site is now offline.


Awesome, thanks!

This post is promoted by @tipU voting service under #newsteem rules funded by marcocasario :)
The upvotes are not profitable and 50% of the payment is donated to @steempeak and other steem projects.

Thanks for the information

Good, thanks

As a follower of @followforupvotes this post has been randomly selected and upvoted! Enjoy your upvote and have a great day!