
Twilio: Hackers introduced malvertising code into an exposed SDK

Twilio revealed that its TaskRouter JS SDK was compromised by criminals who accessed one of its Amazon AWS S3 buckets, which had left the SDK exposed for about five years.

Twilio is a CPaaS (cloud communications platform as a service) company that supports communications for more than 40,000 businesses and helps developers add voice, video, messaging and authentication capabilities to applications using the Twilio APIs.

The company's customer list includes: Twitter, Netflix, Uber, Shopify, Morgan Stanley, Airbnb, Wix, Spotify, Yelp, Hulu, Intuit, ING, eBay and many more.

According to Twilio, the attackers inserted the malicious code only into version 1.20 of the TaskRouter JS SDK library.

"Due to the incorrect configuration of the S3 bucket, which hosted the library, a hacker was able to insert code that made the user's browser load a URL associated with Magecart attacks," said Twilio.

The malicious SDK was available for at least 24 hours

The company says its security teams replaced the malicious TaskRouter JS SDK library and secured the S3 bucket within one hour of being notified of the attack.

"On Sunday, July 19, we learned about a change made to a JavaScript library… A modified version of the TaskRouter JS SDK was uploaded to our website at 1:12 p.m. We received a notification about the modified file at 9:20 p.m. and we replaced it at about 10:30 p.m.," Twilio said.

As the company explained, the modified TaskRouter JS SDK library may have been available for up to 24 hours after its replacement.

Twilio says it has not found any evidence (so far) that the attacker gained access to customer information or data. The attackers also could not access any of Twilio's internal systems, code or data.

The company also checked its other AWS S3 buckets and found several more that were not properly secured. However, no other SDKs have been affected.
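The kind of bucket review described above can be automated against policy documents. The following is an added example, not Twilio's code or configuration: it assumes the misconfiguration takes the form of a bucket-policy statement granting write actions to any principal (the article does not give the actual policy), and the bucket name and both policies are constructed.

```javascript
// Added example: flag bucket-policy statements that let any caller write objects.
// Both policies are constructed samples, not Twilio's real configuration.
const WRITE_ACTIONS = ["s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject"];
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Principal "*" or {"AWS": "*"} covers every caller, including anonymous ones.
function isAnyonePrincipal(principal) {
  if (principal === "*") return true;
  return Boolean(principal) && typeof principal === "object" &&
    asArray(principal.AWS).includes("*");
}

// IAM action patterns are case-insensitive and may contain * and ? wildcards.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const body = escaped.replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + body + "$", "i").test(action);
}

// Returns one finding per Allow statement that grants a write action to anyone.
// NotPrincipal/NotAction statements are not evaluated by this check.
function findPublicWriteStatements(policy) {
  const findings = [];
  for (const stmt of asArray(policy.Statement)) {
    if (stmt.Effect !== "Allow" || !isAnyonePrincipal(stmt.Principal)) continue;
    const actions = WRITE_ACTIONS.filter((action) =>
      asArray(stmt.Action).some((pattern) => actionMatches(pattern, action)));
    // A Condition may narrow the grant, so report it instead of guessing.
    const conditional = Object.keys(stmt.Condition || {}).length > 0;
    if (actions.length) findings.push({ sid: stmt.Sid || "(no Sid)", actions, conditional });
  }
  return findings;
}

const resource = "arn:aws:s3:::example-sdk-bucket/*"; // placeholder bucket name
const misconfiguredPolicy = { Version: "2012-10-17", Statement: [
  { Sid: "PublicRead", Effect: "Allow", Principal: "*", Action: "s3:GetObject", Resource: resource },
  { Sid: "AnyoneCanUpload", Effect: "Allow", Principal: { AWS: "*" }, Action: ["s3:Put*"], Resource: resource },
] };
const readOnlyPolicy = { Version: "2012-10-17", Statement: [
  { Sid: "PublicRead", Effect: "Allow", Principal: "*", Action: "s3:GetObject", Resource: resource },
] };

console.log(JSON.stringify(findPublicWriteStatements(misconfiguredPolicy)));
console.log(JSON.stringify(findPublicWriteStatements(readOnlyPolicy)));
```

Bucket ACLs and account-level public access settings can also expose a bucket, so a clean result here covers the policy document only.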

The company urged customers to replace the infected SDK.

"If you have downloaded a copy of version v1.20 of the TaskRouter JS SDK between July 19, 2020 1:12 p.m. and July 20, 10:30 p.m., you will need to download the SDK again and replace the old version with the one we currently have."

The connection to Magecart attacks

As Twilio discovered, the JavaScript code that was introduced is essentially a malicious redirector and is associated with a long-running malvertising campaign known as Hookads.

Hookads uses JavaScript redirectors to send site visitors through a series of fraudulent sites resembling online advertisements and online games, with the ultimate goal of installing a malware payload using exploit kits.

Twilio found that the malicious code inserted into the TaskRouter JS SDK library loads a URL from gold.platinumus[.]top/track/awswrite and then redirects to other sites, blocking the use of the browser back button and trying to collect data related to mobile devices.

"This script also tries to collect data on the size of the user's touch screen and targets mobile devices," Twilio said.

"This behavior is consistent with a malvertising campaign related to Magecart attacks, which target mobile users. We believe the attack was designed to display malicious ads to users."
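For teams that still hold vendored or cached copies of the SDK, the behaviours described above can be turned into a quick triage check. This is an added example, not code from Twilio or from the article: the host is the indicator quoted above, while the other patterns are assumptions about how such behaviour commonly appears in JavaScript, and the sample inputs are constructed.

```javascript
// Added example: triage a local TaskRouter JS SDK copy for the reported tampering.
// The indicator is the one quoted in the article, kept defanged until match time.
const DEFANGED_IOC = "gold.platinumus[.]top/track/awswrite";
const iocHost = DEFANGED_IOC.split("/")[0].replace(/\[\.\]/g, ".");

// Heuristics for the behaviours Twilio described. The article does not show the
// injected code, so every pattern except the host is an assumption.
const SIGNALS = [
  { id: "ioc-host", re: new RegExp(iocHost.replace(/\./g, "\\."), "i") },
  { id: "back-button-trap", re: /history\.(pushState|replaceState)|onpopstate|["']popstate["']/ },
  { id: "touch-probe", re: /maxTouchPoints|ontouchstart|screen\.(width|height)/ },
  { id: "redirect", re: /location\.(href\s*=|replace\s*\(|assign\s*\()|window\.location\s*=/ },
];

function triageSdkSource(source) {
  const hits = SIGNALS.filter((s) => s.re.test(source)).map((s) => s.id);
  // The host alone is decisive. The other signals also occur in legitimate
  // code, so they only count as suspicious when all three appear together.
  let verdict = "clean";
  if (hits.includes("ioc-host")) verdict = "compromised";
  else if (hits.length === 3) verdict = "suspicious";
  return { verdict, hits };
}

// Constructed inputs: inert fragments containing only the tokens being matched.
const cleanSample = 'function Worker(token){this.token=token;}';
const tamperedSample = cleanSample + ';var u="//' + iocHost +
  '/track/awswrite";history.pushState(null,"",u);var t=navigator.maxTouchPoints;';
const lookalikeSample = cleanSample + ';history.pushState({},"");' +
  'var w=screen.width;location.replace("https://example.invalid/");';

for (const [name, src] of Object.entries({ cleanSample, tamperedSample, lookalikeSample })) {
  console.log(name, JSON.stringify(triageSdkSource(src)));
}
```

Pass it the text of each stored copy of the SDK; minified or obfuscated code can evade the heuristic signals, so a "clean" verdict does not replace re-downloading the file as Twilio advised.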

