AppsFlyer Web SDK Supply Chain Attack Steals Crypto

SEVERITYHigh

EXPLOITActive Exploit

PATCH STATUSAvailable

VENDORAppsFlyer

AFFECTEDAppsFlyer Web SDK

CATEGORYCyber Attacks

Key Takeaways

Threat: Supply chain attack targeting AppsFlyer Web SDK
Impact: Malicious code injected to steal cryptocurrency
Duration: Temporary compromise detected this week
Status: Attack contained, SDK cleaned

AppsFlyer SDK Compromised with Crypto-Stealing Code

AppsFlyer's Web SDK was hijacked on March 14, 2026, when attackers injected malicious JavaScript designed to steal cryptocurrency from users' digital wallets. The supply chain attack targeted the popular mobile attribution platform's web-based software development kit.

The compromise was discovered within hours of the malicious code being deployed. AppsFlyer immediately removed the infected version and restored clean SDK files to prevent further damage to applications using their service.

Mobile Apps Using AppsFlyer Web SDK at Risk

Any mobile application or website integrating AppsFlyer's Web SDK during the compromise window was potentially affected. The malicious code specifically targeted users with cryptocurrency wallets, attempting to extract private keys and wallet credentials.

AppsFlyer serves thousands of mobile app developers worldwide, making this supply chain attack particularly concerning for the broader mobile ecosystem. The exact number of affected applications hasn't been disclosed.

Cryptocurrency Theft Vector and Response

The injected code scanned for popular cryptocurrency wallet extensions and attempted to harvest sensitive authentication data. Security researchers identified the malicious payload as part of a broader campaign targeting software supply chains.

AppsFlyer has advised all developers using their Web SDK to update to the latest clean version immediately. The company is working with CISA to track similar supply chain compromises. Organizations should audit their SDK dependencies and implement supply chain security measures to prevent future attacks.

Frequently Asked Questions

How do I know if my app was affected by the AppsFlyer SDK attack?+

Check if your application uses AppsFlyer's Web SDK and was deployed during March 14, 2026. AppsFlyer has released a clean version that developers should implement immediately. Monitor your app for any unusual cryptocurrency-related activity or user reports of wallet issues.

What should developers do about the compromised AppsFlyer SDK?+

Update to the latest clean version of AppsFlyer's Web SDK immediately. Remove any versions deployed on March 14, 2026, and audit your application for signs of the malicious code. Implement supply chain security measures to detect future SDK compromises.

Can the AppsFlyer attack steal cryptocurrency from mobile wallets?+

Yes, the malicious code specifically targeted cryptocurrency wallet extensions and attempted to harvest private keys and authentication credentials. Users with crypto wallets on affected applications should monitor their accounts for unauthorized transactions and consider moving funds to secure wallets.

About the Author

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.