Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

AppsFlyer Web SDK hit by cyberattack

Incident
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

AppsFlyer's Web SDK was temporarily exposed to unauthorized code in a domain registrar incident, putting a segment of customer websites at risk of browser-side payment diversion. Profero found injected JavaScript that hijacked cryptocurrency wallet addresses and replaced them with attacker-controlled addresses, with exposure likely spanning March 9-11, 2026. AppsFlyer said the issue was contained, the mobile SDK was unaffected, and there was no evidence of customer data access on its systems.

Timeline

  1. 14.03.2026 16:36 1 articles · 2mo ago

    Malicious JavaScript discovered in AppsFlyer Web SDK

    Exploitation Observed

    Profero found malicious JavaScript served from websdk.appsflyer.com on March 9, 2026, delivered to users visiting websites and applications that loaded the AppsFlyer SDK. The payload preserved normal SDK behavior while monitoring cryptocurrency wallet input, replacing entered addresses with attacker-controlled wallets, and exfiltrating the original wallet data and related metadata.

    Show sources
    Open in new tab
  2. 14.03.2026 16:36 1 articles · 2mo ago

    AppsFlyer contains March 10 domain registrar incident

    Mitigation Patch Update

    AppsFlyer said it detected and contained a domain registrar incident on March 10, 2026 that temporarily exposed the AppsFlyer Web SDK on a segment of customer websites to unauthorized code. The company said the mobile SDK was not affected, the issue was resolved, and no evidence had been found that customer data on AppsFlyer systems was accessed.

    Show sources
    Open in new tab
  3. 14.03.2026 16:36 2 articles · 2mo ago

    Public report confirms unauthorized code in AppsFlyer SDK

    Initial Disclosure

    On March 14, 2026, the public report described malicious JavaScript delivered through the AppsFlyer Web SDK, with Profero saying the likely exposure window ran from March 9, 22:45 UTC, to March 11. AppsFlyer told reporters that unauthorized code had been delivered through the SDK, that the mobile SDK was unaffected, and that customers had received direct communication and updates while the investigation continued.

    Show sources
    Open in new tab