Warning: New Malicious JS Using CSRF Exploit via PMs on Agora


Posted by: DeepDotWeb

June 11, 2015

Several users of Agora Marketplace have reported receiving a message through their PM system today that, when opened, contains a malicious JavaScript exploit that attempts to drain the Bitcoins from their wallets.

In order for the exploit to work:

  • The user has to have an active session open with Agora
  • The user must have JS enabled
  • The user must see an unknown link and be dumb enough to click on it while having JS enabled

Solution: Don’t do any of the above, especially if you are a vendor. Hopefully Agora will fix their CSRF vulnerability at some point (it has been known for quite a while now).
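What the server-side fix generally looks like, as an added example that is not Agora's code or part of the original post: a state-changing request is accepted only if it carries a token bound to the active session, so a request that rides on the session cookie alone is refused. The handler name, cookie name, form fields and session store are all hypothetical.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret; generated here only so the example is self-contained.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; the site embeds it in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_withdrawal(cookies: dict, form: dict, sessions: dict) -> str:
    """Hypothetical state-changing handler; returns 'ok' or a rejection reason."""
    session_id = cookies.get("session", "")
    if session_id not in sessions:
        return "rejected: no active session"
    expected = issue_csrf_token(session_id)
    supplied = form.get("csrf_token", "")
    # Constant-time comparison; a missing token compares as the empty string.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "rejected: missing or invalid CSRF token"
    return "ok"


def demo():
    """Run four constructed requests through the handler."""
    sessions = {"s-victim": "alice"}        # constructed session store
    cookies = {"session": "s-victim"}       # the browser attaches this automatically
    # 1. Request submitted from the site's own form, which includes the token.
    legit = handle_withdrawal(
        cookies, {"amount": "0.1", "csrf_token": issue_csrf_token("s-victim")}, sessions)
    # 2. Cross-site request: the cookie rides along, but no token is present.
    forged = handle_withdrawal(cookies, {"amount": "0.1"}, sessions)
    # 3. Token minted for a different session does not validate for this one.
    wrong = handle_withdrawal(
        cookies, {"amount": "0.1", "csrf_token": issue_csrf_token("s-other")}, sessions)
    # 4. No active session at all (the first precondition in the list above).
    logged_out = handle_withdrawal({}, {"amount": "0.1"}, sessions)
    return legit, forged, wrong, logged_out


if __name__ == "__main__":
    print(demo())
```

A token check of this kind only stops requests that originate outside the site; script that runs inside the site's own pages can read the token, so message content also has to be escaped on output.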

Updated: 2015-06-11