Security & Infrastructure Tools

AppsFlyer Web SDK hijacked to spread crypto‑stealing JavaScript code

AppsFlyer’s Web SDK was hijacked in a supply‑chain attack that injected malicious JavaScript designed to steal cryptocurrency by intercepting wallet addresses entered on websites and redirecting them to attacker-controlled accounts. The compromised payload, discovered by Profero researchers, ran between March 9–11 2026 and affected the official domain websdk.appsflyer.com. AppsFlyer confirmed a temporary exposure due to a domain registrar incident but reported that its mobile SDK remained safe; the company is investigating further and advising users to review logs, downgrade to known‑good SDK versions, and monitor for suspicious requests. The attack targeted major crypto platforms such as Bitcoin, Ethereum, Solana, Ripple, and TRON, potentially impacting thousands of businesses using AppsFlyer’s analytics services.

TechLogHub

Keep Reading

Security & Infrastructure ToolsJun 12, 2026

Ukrainian national pleads guilty to role in Conti ransomware operation

A Ukrainian national extradited from Ireland to the United States pleaded guilty to conspiracy to commit wire fraud in connection with the Conti ransomware operation, admitting to joining the group in September 2021 and possessing data stolen from eight U.S. victims and four overseas victims. He helped code a loader used in attacks and faces up to 20 years in prison. Conti, linked to TrickBot, targeted more than 1,000 victims and collected over $150 million in ransom before disbanding in 2022.

Security & Infrastructure ToolsJun 12, 2026

Over 400 Arch Linux packages compromised to push rootkit, infostealer

More from the Blog

View all

Security & Infrastructure Tools

Microsoft Adds Copilot Data Controls to All Storage Locations

Microsoft is expanding its data‑loss prevention controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel and PowerPoint documents regardless of where they are stored—whether on local devices or in SharePoint/OneDrive. The update will be deployed through the Augmentation Loop (AugLoop) Office component between late March and late April 2026, automatically enabling the restriction for organizations that already have DLP policies set to block Copilot from handling sensitivity‑labeled content. This change follows a bug that had allowed Copilot to summarize confidential emails in users’ Sent Items and Drafts folders despite active DLP protections.

Feb 25, 2026

Security & Infrastructure Tools

Previously harmless Google API keys now expose Gemini AI data

Stay Updated

Get the next deep dive in your inbox

Subscribe for product analysis, engineering explainers, and practical guides published on TechLogHub.

Stay Updated

Get weekly insights, product updates, and launches straight to your inbox.

AppsFlyer’s Web SDK was hijacked during early March 2026, injecting malicious JavaScript that silently stole cryptocurrency wallet addresses on any site or app that loads the SDK. The payload intercepted user inputs for Bitcoin, Ethereum, Solana, Ripple and TRON wallets, replacing them with attacker‑controlled addresses while exfiltrating the original data. This supply‑chain attack exploited the widespread trust in AppsFlyer’s analytics platform—used by 15 000 businesses worldwide for over 100 000 mobile and web applications—to redirect funds to a threat actor.

Profero researchers confirmed that obfuscated code was delivered from the official domain websdk.appsflyer.com. The compromise likely lasted between March 9 22:45 UTC and March 11, though it remains unclear if it affected all SDK users. AppsFlyer acknowledged an incident involving a domain registrar issue on March 10 that temporarily exposed the Web SDK to unauthorized code. They stated the mobile SDK was unaffected and that customer data had not been accessed. The company has since resolved the problem, informing customers through direct communication.

Given the uncertainty about the scope of the attack, organizations using AppsFlyer should audit telemetry logs for suspicious requests from websdk.appsflyer.com, downgrade to a known‑good SDK version, and investigate any potential compromise. This incident underscores how trusted third‑party SDKs can become vectors for malicious activity, affecting downstream users and applications across the digital ecosystem.

AppsFlyer Web SDK hijacked to spread crypto‑stealing JavaScript code

Related Posts

Ukrainian national pleads guilty to role in Conti ransomware operation

Over 400 Arch Linux packages compromised to push rootkit, infostealer

More from the Blog

Microsoft Adds Copilot Data Controls to All Storage Locations

Previously harmless Google API keys now expose Gemini AI data

Get the next deep dive in your inbox

Stay Updated

Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

Microsoft says bug in classic Outlook hides the mouse pointer

Product

Learn

Company

Legal

Stay Updated

Browse by Category

What's New