AppsFlyer Web SDK Compromised in Supply-Chain Attack Targeting Cryptocurrency

A recent supply-chain attack on the AppsFlyer Web SDK has compromised thousands of applications used by over 15,000 businesses for marketing analytics. The malicious code inserted into the SDK targeted browser network requests for cryptocurrency wallet addresses.

The attackers' goal was to steal cryptocurrency, replacing legitimate addresses with their own. The compromised code preserved normal SDK functions but secretly monitored browser network requests for wallet addresses.