Tuesday, November 5, 2024

Hackers Use Video Players in Websites to Steal Sensitive User Information


Threat actors recently placed a malicious script on real estate websites that steals sensitive data entered by users on the targeted sites.

In this campaign, the hackers carried out a supply chain attack, and to do so they used a cloud-based video hosting service.

Unit 42, the research unit of Palo Alto Networks, has reported that hackers are injecting malicious JavaScript code into videos. When the video is imported into other sites, the skimmer code is embedded along with it.


Moreover, the hackers compromised more than 100 real estate websites in this campaign, which shows that the supply chain attack was successful.

Infecting multiple by hacking once 

Skimmer attacks are also known as formjacking. In these attacks, the hackers inject malicious JavaScript into a target website. Here they target the checkout or payment pages on shopping and e-commerce portals to steal sensitive user data such as:

  • Debit Card Information
  • Credit Card information
  • Email
  • Physical Address
  • Date of Birth
  • CC CVV
  • DC CVV
  • Name
  • Phone Number

The websites in question are owned by the same parent company, whose name the experts at Unit 42 have not disclosed. They helped the company remove the malware.

The hackers gained access to the upstream JavaScript file and modified it to include a malicious skimmer script. Once this was done, the next player update carried the malicious script, so the video player started serving it.

The real estate websites that had the player embedded were then served the malicious script, through which the threat actors steal all the sensitive data that users enter into the website forms.

Operational process

The operational process can be simplified into a few steps:

  • First, it checks whether the webpage has finished loading.
  • Then it calls the next function.
  • After that, it reads and steals all the user inputs from the HTML document.
  • Once that is done, it calls a data-validating function before saving the data.
  • Lastly, it creates an HTML tag and fills the image source with the server URL, so that all the stolen data collected is sent to the C2 (https://cdn-imgcloud[.]com/img).

The experts strongly recommend that website admins not blindly trust all the JavaScript embedded on their sites.

They advise admins to conduct web content integrity checks regularly and to use form-jacking detection solutions.
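One way to run the web content integrity check recommended above is to pin a hash for every third-party script a page embeds and alert when the served file changes, as the video player did in this campaign. The Node.js code below is an added example, not from Unit 42 or the original article; the host names, script bodies and baseline are constructed for illustration.

```javascript
// Added example: flag embedded third-party scripts whose served bytes
// no longer match a pinned hash, or that were never pinned at all.
const crypto = require('crypto');

// SRI-style digest: "sha384-" + base64(SHA-384(body)).
function sriHash(body) {
  return 'sha384-' + crypto.createHash('sha384').update(body, 'utf8').digest('base64');
}

// Pull the src of every external <script> tag out of an HTML string.
function externalScripts(html) {
  const out = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    out.push({ src: m[1], hasIntegrity: /\bintegrity\s*=/i.test(m[0]) });
  }
  return out;
}

// Compare what is served now against the pinned baseline.
// `fetched` maps script URL -> body as currently served (constructed here;
// in production it would come from a scheduled fetch of each URL).
function auditPage(html, baseline, fetched) {
  return externalScripts(html).map(({ src, hasIntegrity }) => {
    const body = fetched[src];
    let status;
    if (!(src in baseline)) status = 'UNPINNED';
    else if (body === undefined) status = 'UNREACHABLE';
    else status = sriHash(body) === baseline[src] ? 'OK' : 'CHANGED';
    return { src, status, hasIntegrity };
  });
}

// Constructed sample data: hypothetical hosts, placeholder script bodies.
const PLAYER = 'https://video-host.example/player.js';
const ANALYTICS = 'https://stats.example/a.js';
const html = `<html><head>
<script src="${PLAYER}"></script>
<script src="${ANALYTICS}" integrity="sha384-placeholder" crossorigin="anonymous"></script>
</head></html>`;
const goodPlayer = 'function initPlayer(){ /* vendor player code */ }';
const baseline = { [PLAYER]: sriHash(goodPlayer) };
// Simulated upstream change: the same file with extra code appended.
const servedNow = { [PLAYER]: goodPlayer + '\n/* unexpected appended code */', [ANALYTICS]: 'void 0;' };

const report = auditPage(html, baseline, servedNow);
console.log(report);
```

A `CHANGED` result on a vendor script is a prompt to diff the new file before it keeps being served to visitors; scripts reported without an `integrity` attribute are the ones the browser will load no matter what the upstream host returns.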


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
