Odaily News The AdsPower security team transparently disclosed an intrusion incident on January 24. Hackers tampered with some third-party crypto wallet plug-ins in the AdsPower fingerprint browser by spreading malicious code. AdsPower has fixed the vulnerability and strengthened system security. At the same time, it has reported to the Singapore authorities and is actively cooperating with the police investigation.
According to official disclosure, from January 21 to 22, a small number of users reported that they were unable to install or update the MetaMask plug-in. On January 23, the technical team discovered that the plug-in download link was abnormal and replaced it with the official download address. On January 24, AdsPower detected that the plug-in had been tampered with, and then deleted the malicious plug-in package, repaired the download link, and asked affected users to reinstall the plug-in to ensure safety.
Internal investigations show that attackers took advantage of a vulnerability in a third-party technical service system to upload and spread a malicious version of the MetaMask plug-in, which may lead to the leakage of cache information of the user's wallet plug-in. At present, AdsPower has upgraded the application center plug-in download mode, and will further strengthen network security, emergency response and supply chain security management in the future. Affected users can receive exclusive value-added service plans in the AdsPower client.