Palo Alto Networks’ Unit 42 researchers reported that, “The attacker injected the skimmer JavaScript codes into the video, so whenever others import the video, their websites become embedded with skimmer codes as well.”

Threat actors used a cloud video hosting service to carry out a supply chain attack on more than 100 Sotheby’s Realty real estate websites, which included injecting malicious skimmers to steal sensitive personal information.

Skimmer attacks, also known as formjacking, are a type of cyber attack in which bad actors insert malicious JavaScript code into the target website, most commonly on checkout or payment pages on shopping and e-commerce portals, in order to harvest valuable information such as credit card details entered by users.

In the latest incarnation of the campaign, the operators behind the Magecart attacks breached Sotheby’s Brightcove account and deployed malicious code into the cloud video platform’s player. They did so by tampering with a script that can be uploaded to add JavaScript customizations to the video player.

According to Malwarebytes, the campaign began as early as January 2021, with the harvested information — names, emails, phone numbers, and credit card data — exfiltrated to a remote server “cdn-imgcloud[.]com,” which also served as a collection domain for a Magecart attack targeting Amazon CloudFront CDN in June 2019.

“By attaching skimmer code to the static script at its hosted location, the attacker modified it. The video platform re-ingested the compromised file and served it alongside the impacted player after the next player update.”

Finally, the researchers concluded that, “To detect and prevent malicious code injection into online sites, it is recommended to perform web content integrity checks on a regular basis, as well as protect accounts from takeover attempts and keep an eye out for potential social engineering schemes. The skimmer is highly polymorphic, elusive, and constantly evolving. When combined with cloud distribution platforms, a skimmer of this type could have a significant impact.”
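The web content integrity check recommended above can run as a scheduled job that pins a hash for every external script a page loads and reports any script whose hosted copy no longer matches the reviewed one. The following is an added example, not code from Unit 42 or Malwarebytes; the URLs, script bodies and the `fetch` callable are constructed placeholders.

```python
import base64
import hashlib
from html.parser import HTMLParser


def sri_sha384(body: bytes) -> str:
    """Return the Subresource Integrity value (sha384-<base64>) of a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


class ScriptSrcCollector(HTMLParser):
    """Collect the src URL of every external <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def audit_page(html: str, fetch, baseline: dict) -> list:
    """Compare every external script on a page with its pinned hash.
    fetch(url) -> bytes comes from the caller (an HTTP GET in production)."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for url in collector.sources:
        pinned = baseline.get(url)
        if pinned is None:
            findings.append((url, "unpinned"))  # no reviewed copy on record
        elif sri_sha384(fetch(url)) != pinned:
            findings.append((url, "changed"))  # hosted file differs from reviewed copy
    return findings


# Constructed sample data: hypothetical URLs and script bodies, not from the incident.
PLAYER = "https://players.example.test/acct/player/index.min.js"
WIDGET = "https://static.example.test/widget.js"
PAGE = f'<html><body><script src="{PLAYER}"></script><script src="{WIDGET}"></script></body></html>'
REVIEWED = b"function initPlayer(){/* constructed player code */}"
UPDATED = REVIEWED + b"\n/* constructed stand-in for code appended after review */"
BASELINE = {PLAYER: sri_sha384(REVIEWED)}

if __name__ == "__main__":
    hosted = {PLAYER: UPDATED, WIDGET: b"/* constructed widget */"}
    for url, status in audit_page(PAGE, hosted.__getitem__, BASELINE):
        print(status, url)
```

The same `sha384-` value can be placed in a script tag's `integrity` attribute so the browser itself refuses a modified file, which suits scripts whose content is not expected to change between reviews.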
