Hackers Target Real Estate Websites with Skimmer in Latest Supply Chain Attack

Threat actors used a cloud-based video hosting service to carry out a supply chain attack on more than 100 real estate websites operated by Sotheby’s Realty, injecting malicious skimmers to steal sensitive personal information.

Researchers from Unit 42 of Palo Alto Networks said in a report released this week that “while others import videos, their websites are also embedded with skimmer codes.”

Skimmer attacks, also called formjacking, are a type of cyber attack in which bad actors insert malicious JavaScript code into a target website, mostly on checkout or payment pages of shopping and e-commerce portals, to harvest valuable information such as credit card details entered by users.

In the latest incarnation of the Magecart attack, the operators behind the campaign compromised Sotheby’s Brightcove account and placed malicious code in the cloud video platform’s player by way of a script that can be loaded into the video player to add JavaScript customizations.

“The attacker modified the static script in its hosted location by attaching the skimmer code. Upon the next player update, the video platform re-zipped the tampered file and served it with the affected player.” The researchers said they worked with the video service and the real estate company to help remove the malware.

The campaign is said to have started in early January 2021. According to Malwarebytes, the harvested information (name, email, phone number, credit card data) was exfiltrated to the remote server “cdn-imgcloud[.]com”, which also served as the collection domain for a Magecart attack targeting the Amazon CloudFront CDN in June 2019.

To detect and prevent the injection of malicious code into online sites, it is recommended that you periodically check the integrity of web content, protect accounts from takeover attempts, and watch for potential social engineering schemes.
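One way to carry out the periodic integrity check recommended above, as an added example that is not from the original article or the researchers' report: it hashes each external script a page loads and compares it with a hash recorded at the last review. The URL, script bodies and baseline are constructed sample data, and `audit_page` and its finding labels are hypothetical names.

```python
import base64
import hashlib
from html.parser import HTMLParser


def sri_sha384(body: bytes) -> str:
    """Return the Subresource Integrity value (sha384-<base64>) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every external <script> tag on a page."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append((attrs["src"], attrs.get("integrity")))


def audit_page(html: str, fetched: dict, baseline: dict) -> list:
    """fetched: URL -> bytes served now; baseline: URL -> SRI value at last review."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        current = sri_sha384(fetched[src])
        if src not in baseline:
            findings.append((src, "unreviewed"))   # script nobody has vetted
        elif current != baseline[src]:
            findings.append((src, "changed"))      # content differs from reviewed copy
        elif integrity != baseline[src]:
            findings.append((src, "no-sri-pin"))   # browser would not catch a change
    return findings


# Constructed sample data: a page embedding a hosted video player script.
PLAYER_URL = "https://player.example/index.min.js"
CLEAN = b"function initPlayer(){/* player code */}"
TAMPERED = CLEAN + b";/* appended code not present at review time */"
PAGE = f'<html><body><script src="{PLAYER_URL}"></script></body></html>'
BASELINE = {PLAYER_URL: sri_sha384(CLEAN)}

if __name__ == "__main__":
    print(audit_page(PAGE, {PLAYER_URL: CLEAN}, BASELINE))
    print(audit_page(PAGE, {PLAYER_URL: TAMPERED}, BASELINE))
```

A `changed` finding means the served file no longer matches what was reviewed, which for a platform-updated player calls for a re-review rather than proving tampering.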

“The skimmer itself is highly polymorphic, elusive and constantly changing,” the researchers said. “The effect of such a skimmer can be very significant when combined with a cloud distribution platform.”
