ESET malware researcher Matthieu Faou writes:
On November 3, attackers successfully breached StatCounter, a leading web analytics platform. This service is used by many webmasters to gather statistics on their visitors – a service very similar to Google Analytics. To do so, webmasters usually add an external JavaScript tag incorporating a piece of code from StatCounter – www.statcounter[.]com/counter/counter.js – into each webpage. Thus, by compromising the StatCounter platform, attackers can inject JavaScript code in all websites that use StatCounter.
Read more on WeLiveSecurity. See also Catalin Cimpanu’s reporting on this on ZDNet.