XSS Attack Targets Crypto Industry Through Cointelegraph Vulnerability

November 28, 2024

According to Odaily, a recent XSS attack has targeted the cryptocurrency industry by exploiting a vulnerability on the Cointelegraph website. The attack involves tricking users into clicking on a link to the Cointelegraph site that contains a malicious XSS script. Once the link is opened, the script is executed, and the address bar is manipulated to display a URL resembling an unpublished draft article on Cointelegraph’s official site.

Following this, a fake ‘Sign in with X’ prompt appears. If users click on this prompt, they are redirected to a third-party application authorization page for X. The permissions list on this page contains a large blank space, which can easily be overlooked. If users inadvertently authorize the application, the attacker gains control over their X-related permissions. Phishing that exploits a vulnerability on a legitimate site in this way poses a significant threat to the general public and calls for increased vigilance.
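Because the lure described above is a link to the real site that carries script content, a mail gateway, chat bot or proxy can triage links before users open them. The following is an added example, not code from Odaily or Cointelegraph: the host `news.example`, the sample links and the signal patterns are constructed, and the History API pattern is an assumption about how an address bar can be rewritten, since the report does not name the mechanism.

```javascript
// Added example: flag links whose query string or fragment decodes to script-like content.
// The patterns are illustrative heuristics for triage, not a complete XSS filter.
const SIGNALS = [
  ["script-tag", /<\s*script\b/i],
  ["event-handler", /<[^>]+\son[a-z]+\s*=/i],
  ["javascript-uri", /javascript\s*:/i],
  // Assumption: address-bar rewriting via the History API (not stated in the report).
  ["history-api", /history\s*\.\s*(push|replace)State/i],
];

// Undo up to `rounds` extra layers of percent-encoding, so double-encoded
// payloads are still seen. Malformed escapes stop decoding instead of throwing.
function deepDecode(value, rounds = 3) {
  let current = value;
  for (let i = 0; i < rounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { return current; }
    if (next === current) break;
    current = next;
  }
  return current;
}

function inspectLink(link) {
  let url;
  try { url = new URL(link); } catch { return { parsed: false, host: null, findings: [] }; }
  // searchParams already removes one encoding layer; the fragment is still raw.
  const parts = [...url.searchParams].map(([key, value]) => [`query:${key}`, value]);
  parts.push(["fragment", url.hash.slice(1)]);
  const findings = [];
  for (const [where, raw] of parts) {
    const text = deepDecode(raw);
    for (const [name, pattern] of SIGNALS) {
      if (pattern.test(text)) findings.push(`${where}:${name}`);
    }
  }
  return { parsed: true, host: url.hostname, findings };
}

// Constructed sample links (hypothetical host, inert payloads).
const SAMPLES = [
  "https://news.example/news?q=%253Cscript%253Ehistory.replaceState(0,0,'/drafts/x')%253C%252Fscript%253E",
  "https://news.example/post#%3Cimg%20src=x%20onerror=alert(1)%3E",
  "https://news.example/markets/btc-price?utm_source=x&ref=newsletter",
  "https://news.example/a?q=%E0%A4%A",
];
for (const link of SAMPLES) {
  console.log(inspectLink(link).findings.join(", ") || "clean", "<-", link);
}
```

A hit means the link deserves review before delivery; the underlying fix remains output encoding and a Content Security Policy on the site that reflects the parameter.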