Hackers collect payment information and user passwords from 4,600 sites.




Hackers have breached the Picreel analytics service and the open-source Alpaca Forms project and modified JavaScript files in both companies' infrastructure to embed malicious code on more than 4,600 websites, security researchers told ZDNet.

The attack is ongoing, and the malicious scripts were still active at the time this article was published.

Both hacks were spotted by Willem de Groot, founder of Sanguine Security, earlier in the day and confirmed by several other security researchers.

Picreel is an analytics service that lets site owners record what users do and how they interact with a website, in order to analyze behavior and increase conversion rates. Picreel customers, the website owners, embed a piece of JavaScript code on their sites so that Picreel can do its work. It is this script that the hackers compromised to add malicious code.

Alpaca Forms is an open-source project for building web forms. It was originally developed by the enterprise CMS provider Cloud CMS, which open-sourced the code eight years ago. Cloud CMS still provides a free CDN (content delivery network) service for the project. The hackers appear to have breached this Cloud CMS-managed CDN and altered one of the Alpaca Forms scripts.

ZDNet asked both companies for comment. In an email, Michael Uzquiano, CTO of Cloud CMS, told ZDNet that the hackers appear to have compromised only one Alpaca Forms JavaScript file on its CDN, and nothing else.

Malicious code records all data entered in form fields

It is currently unclear how the hackers breached Picreel or the Cloud CMS CDN serving Alpaca Forms. In a conversation on Twitter, de Groot told ZDNet that both hacks appear to have been carried out by the same threat actor.

The malicious code records everything users type into form fields and sends the information to a server located in Panama. This includes data that users enter on checkout and payment pages, in contact forms, and in login sections.

The malicious code embedded in the Picreel script was seen on 1,249 websites, while the one in the Alpaca Forms script was seen on 3,435 domains.

Cloud CMS has since removed the CDN that was serving the corrupted Alpaca Forms script. The company is investigating the incident and has stated that "there has been no security breach or security problem with Cloud CMS, its customers or its products". At this time there is no indication to the contrary, unless Cloud CMS customers themselves use the Alpaca Forms script on their own sites.

Attacks on supply chains, a growing threat to websites

Over the last two years, such attacks have become quite commonplace. Known as supply chain attacks, they emerged after hacker groups realized that breaching well-known websites was not as easy as it sounds. They began targeting the smaller businesses that provide "secondary code" to those websites, and to thousands more.

They targeted chat widget providers, live support widgets, analytics companies and more.

Motivations vary by group. Some groups have hijacked third-party companies to deploy cryptojacking scripts, for example, while others have used the same technique to deploy specialized code that stole only the data entered into payment forms.

Today's attack is different in that it is fairly generic and targets every form field on a website, regardless of its purpose.
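Both compromises described above worked by silently altering a third-party script that thousands of sites load from a vendor's infrastructure. The following is an added example, not code from the article, Picreel or Cloud CMS, showing the defensive counterpart: pinning each third-party script to a Subresource Integrity hash and re-checking the served file against that pin so a modified script is flagged rather than executed. The URLs and script bodies are constructed for the demo.

```python
import base64
import hashlib

def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return a Subresource Integrity value such as 'sha384-<base64 digest>'."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"

def script_tag(url: str, content: bytes) -> str:
    """Build a <script> tag that makes the browser refuse a file whose hash no longer matches."""
    return f'<script src="{url}" integrity="{sri_hash(content)}" crossorigin="anonymous"></script>'

def check_third_party_scripts(baseline: dict, fetched: dict) -> list:
    """Compare freshly fetched script bodies against pinned SRI values.
    baseline: {url: expected SRI string}; fetched: {url: bytes served right now}.
    Returns (url, reason) tuples for anything that needs investigation."""
    findings = []
    for url, expected in baseline.items():
        body = fetched.get(url)
        if body is None:
            findings.append((url, "missing"))
            continue
        algo = expected.split("-", 1)[0]          # reuse the algorithm the pin was made with
        if sri_hash(body, algo) != expected:
            findings.append((url, "modified"))
    return findings

# Constructed sample data (hypothetical vendor CDN, not a real host).
ANALYTICS_JS = b"(function(){window.__analytics={ready:true};})();"
FORMS_JS = b"var Forms={};"
# Stand-in for an unexpected block appended to the vendor file; the content is harmless here.
TAMPERED_ANALYTICS_JS = ANALYTICS_JS + b"\n(function(){/* unexpected addition */})();"

BASELINE = {
    "https://cdn.example.test/vendor/analytics.js": sri_hash(ANALYTICS_JS),
    "https://cdn.example.test/vendor/forms.js": sri_hash(FORMS_JS),
}

def run_demo() -> list:
    """Simulate a monitoring pass in which the analytics loader came back altered."""
    served_now = {
        "https://cdn.example.test/vendor/analytics.js": TAMPERED_ANALYTICS_JS,
        "https://cdn.example.test/vendor/forms.js": FORMS_JS,
    }
    return check_third_party_scripts(BASELINE, served_now)

if __name__ == "__main__":
    for url, reason in run_demo():
        print(f"{reason}: {url}")
```

In practice the `fetched` dictionary comes from an out-of-band fetch of each pinned URL on a schedule; SRI in the tag stops the browser from running a changed file, while the monitor tells the site owner that the vendor's file changed and needs review.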

UPDATE: Article updated with comments from Cloud CMS.
