Hackers Are Collecting Payment Details And User Passwords From 4,600 Sites

Srivishnu Ramakrishnan

In a recent turn of events, hackers have reportedly breached analytics service Picreel and enterprise CMS provider Cloud CMS. They reportedly changed JavaScript files on the infrastructure of these two companies, embedding malicious code on over 4,600 websites, as reported by ZDNet.

The malicious scripts are live and the attack is ongoing. This attack was spotted by Sanguine Security founder Willem de Groot and was confirmed by other security researchers.

According to de Groot, the hack appears to have been carried out by the same threat actor. And, it is known how the attackers breached these two companies. The code logs all the information a user enters into a form, such as username and password, and sends it to a server based in Panama. What's more threatening is that the data includes checkout/payment pages, contact forms, and login information.

The malicious code on Picreel has been seen on over 1249 websites, while the code hosted on Cloud CMS was seen on over 3400 websites. Later in the day, however, it was reported that all the malicious code on Cloud CMS had been completely removed.

Picreel is a website analytics service that enables site owners to record what users are doing and how they interact with a site in order to analyze patterns of behavior. Cloud CMS is a content administration system hosted in the cloud that allows users and businesses to host a website instead of running it on their own servers.

The attackers' motivations vary: some groups have hacked third-party companies to deploy cryptojacking scripts, while others have attacked only to steal data entered in payment forms.
