Threat actors used a cloud-based video hosting service to carry out a supply chain attack on more than 100 real estate websites operated by Sotheby’s Realty, injecting malicious skimmers to steal sensitive personal information.
Researchers from Unit 42 of Palo Alto Networks said in a report released this week that “when others import the videos, their websites are also embedded with the skimmer code.”
“The attacker modified the static script at its hosted location by attaching the skimmer code. Upon the next player update, the video platform re-zipped the tampered file and served it with the affected player.” Unit 42 worked with the video service and the real estate company to help remove the malware, the researchers said.
The campaign is said to have started in early January 2021. According to Malwarebytes, the harvested information – name, email, phone number, credit card data – was exfiltrated to the remote server cdn-imgcloud[.]com, “which also serves as the collection domain for the Magecart attack targeting Amazon CloudFront CDN in June 2019.”
To detect and prevent the injection of malicious code into websites, it is recommended to periodically check the integrity of web content, protect accounts against takeover attempts, and watch for potential social engineering schemes.
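The integrity check recommended above can be made concrete for third-party scripts such as a hosted video player. The following is an added example, not code from the original report or from Unit 42, Malwarebytes or the affected companies: it pins each embedded script to a Subresource Integrity (SRI) hash taken when the script was last vetted, emits the matching `<script integrity=...>` tag, and audits a later copy of each script against the pin so that an appended skimmer shows up as a mismatch. The script bodies and the URL are constructed sample data, not the real player or collection domain.

```python
import base64
import hashlib

# Constructed sample: the hosted player script as it looked when it was vetted (the baseline).
BASELINE_SCRIPT = b"(function(){ /* video player v1 */ window.Player = {}; })();"

# Constructed sample: the same script after a skimmer has been appended to the end of the file,
# which is the kind of modification the report describes (original content left intact).
TAMPERED_SCRIPT = BASELINE_SCRIPT + (
    b"\n(function(){ document.querySelectorAll('form').forEach(function(f){ /* capture */ }); })();"
)

# Constructed placeholder URL; not the real video platform.
PLAYER_URL = "https://video-platform.example/player.js"


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return a Subresource Integrity value ('sha384-<base64 digest>') for a script body."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_integrity(content: bytes, pinned: str) -> bool:
    """True if the script body still matches the pinned SRI value (same algorithm as the pin)."""
    algo, sep, _ = pinned.partition("-")
    if not sep:
        return False
    return sri_hash(content, algo) == pinned


def script_tag(url: str, content: bytes) -> str:
    """Build the <script> tag a site would embed so the browser refuses a modified file."""
    return (f'<script src="{url}" integrity="{sri_hash(content)}" '
            'crossorigin="anonymous"></script>')


def audit(fetched: dict, pins: dict) -> dict:
    """Compare freshly fetched script bodies against stored pins.

    fetched: {url: bytes} as downloaded during a periodic check.
    pins:    {url: 'sha384-...'} recorded when each script was vetted.
    Returns {url: 'ok' | 'MISMATCH' | 'UNPINNED'} so a monitoring job can alert on anything not 'ok'.
    """
    result = {}
    for url, body in fetched.items():
        pin = pins.get(url)
        if pin is None:
            result[url] = "UNPINNED"
        elif verify_integrity(body, pin):
            result[url] = "ok"
        else:
            result[url] = "MISMATCH"
    return result


if __name__ == "__main__":
    pins = {PLAYER_URL: sri_hash(BASELINE_SCRIPT)}
    print(script_tag(PLAYER_URL, BASELINE_SCRIPT))
    print(audit({PLAYER_URL: BASELINE_SCRIPT}, pins))   # {...: 'ok'}
    print(audit({PLAYER_URL: TAMPERED_SCRIPT}, pins))   # {...: 'MISMATCH'}
```

With the `integrity` attribute in place the browser itself refuses to execute a file whose hash no longer matches, which would have blocked the tampered player described above. The trade-off is that a legitimate player update changes the hash too, so the pin has to be refreshed (and the new file re-vetted) on every vendor release; the `audit` function is the periodic check that tells you which of the two happened.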
“The skimmer itself is highly polymorphic, elusive and constantly changing,” the researchers said. “The effect of such a skimmer can be very significant when combined with a cloud distribution platform.”