Posted by: DeepDotWeb
June 11, 2015
Several users of Agora Marketplace have reported receiving a message through their PM system today that, when opened, contains a malicious JavaScript exploit that attempts to drain the Bitcoins from their wallets.
In order for the exploit to work:
- The user has to have an active session open with Agora
- Must have JS enabled
- See an unknown link and be dumb enough to click on it while having JS enabled.
Solution: Don’t do any of the above. Especially if you are a vendor. And hopefully Agora will fix their CSRF vulnerability at some point (it has been known for quite a while now).
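The conditions listed above (an active session plus a request triggered from a clicked link) only work when the server accepts a state-changing request on the session cookie alone. The following is an added example, not code from Agora or from this post, of a server-side check that refuses such requests; the handler, field names and session id are hypothetical, and the requests are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed key for this demo; a real service loads it from protected configuration.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session, embedded only in pages the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_withdrawal(request: dict) -> tuple:
    """Hypothetical handler for a state-changing request such as a withdrawal."""
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return 401, "no active session"
    if request.get("method") != "POST":
        return 405, "state changes require POST"
    supplied = str(request.get("form", {}).get("csrf_token", ""))
    expected = issue_csrf_token(session_id)
    # Constant-time comparison; a session cookie alone is never sufficient.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "CSRF token missing or invalid"
    return 200, "withdrawal accepted"


def demo() -> dict:
    """Run constructed requests through the handler and return each outcome."""
    sid = "constructed-session-id"
    cookies = {"session": sid}  # the browser attaches this to every request to the site
    form = {"amount": "0.1"}
    return {
        # Submitted from the site's own form, which carries the token.
        "same_site": handle_withdrawal({"method": "POST", "cookies": cookies,
                                        "form": {**form, "csrf_token": issue_csrf_token(sid)}}),
        # Triggered from another origin: cookie present, token unknown to that page.
        "cross_site": handle_withdrawal({"method": "POST", "cookies": cookies, "form": form}),
        # Token issued for a different session does not validate here.
        "other_session": handle_withdrawal({"method": "POST", "cookies": cookies,
                                            "form": {**form, "csrf_token": issue_csrf_token("other")}}),
        # Link-style GET carrying the cookie is refused before any state change.
        "get_link": handle_withdrawal({"method": "GET", "cookies": cookies, "form": {}}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```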