Bleepingcomputer
AppsFlyer Web SDK Compromised in Cryptocurrency Theft Attack
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The AppsFlyer Web SDK was hijacked this week, allowing attackers to inject malicious code aimed at stealing cryptocurrency. The compromised SDK, utilized by over 15,000 businesses and 100,000 applications, intercepted wallet addresses entered by users and replaced them with attacker-controlled addresses. This supply-chain attack was identified by Profero researchers, who discovered obfuscated JavaScript being delivered through the SDK. The malicious payload monitored for cryptocurrency wallet input and exfiltrated original addresses while redirecting funds. The attack is believed to have occurred between March 9 and March 11, 2026. AppsFlyer confirmed a domain registrar incident on March 10, which temporarily exposed the SDK to unauthorized code. They stated that the issue has been resolved and that no customer data was accessed. Ongoing investigations are assessing the full impact of the incident.
Key Points: • The AppsFlyer Web SDK was hijacked to steal cryptocurrency through a supply-chain attack. • The attack affected thousands of applications, potentially compromising user funds. • AppsFlyer confirmed unauthorized code delivery but stated no customer data was accessed.