Threat actors recently placed a malicious script on real estate websites that steals sensitive data entered by users on the targeted sites.
In this campaign, the attackers carried out a supply chain attack, and to do so they used a cloud-based video hosting service.
The attackers compromised more than 100 real estate websites in this campaign, which clearly shows that the supply chain attack was successful.
Infecting multiple by hacking once
- Debit Card Information
- Credit Card Information
- Physical Address
- Date of Birth
- CC CVV
- DC CVV
- Phone Number
The websites in question are owned by the same parent company, whose name the experts at Unit 42 have not disclosed. They helped the company remove the malware.
The real estate websites that had the player embedded were served the malicious script, through which the threat actors steal all the sensitive data that users enter into the website forms.
The script's operation can be summarized in a few simple steps:
- First, it checks whether the webpage has finished loading.
- Then it calls the next function.
- After that, it reads and steals all the user inputs from the HTML document.
- Once that is done, it calls a data-validating function before saving the data.
- Lastly, it sends all the stolen data to the C2 (https://cdn-imgcloud[.]com/img) by creating an HTML tag and filling the image source with the server URL.
They have advised admins to regularly conduct web content integrity checks and to use form-jacking detection solutions.
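
One way to run the kind of web content integrity check advised above, shown as an added example that is not from Unit 42 or the original article: each third-party script is pinned by digest at review time, and any later drift is reported together with the hosts the reviewed version never referenced. The script names, hosts and sample bodies below are constructed assumptions.

```python
import base64
import hashlib
import re

HOST_RE = re.compile(rb"https?://([A-Za-z0-9.-]+)")

def sri_sha384(body: bytes) -> str:
    """Digest in Subresource Integrity format (sha384-<base64>)."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

def hosts_in(body: bytes) -> set:
    """Hostnames referenced by absolute URLs inside the script text."""
    return {h.decode().lower() for h in HOST_RE.findall(body)}

def pin(body: bytes) -> dict:
    """Baseline entry recorded when the script was last reviewed."""
    return {"sri": sri_sha384(body), "hosts": sorted(hosts_in(body))}

def check_script(name: str, body: bytes, baseline: dict) -> dict:
    """Compare a freshly fetched script body with its pinned baseline."""
    entry = baseline.get(name)
    if entry is None:
        # Never reviewed: report it rather than silently trusting it.
        return {"script": name, "status": "unpinned",
                "new_hosts": sorted(hosts_in(body))}
    if sri_sha384(body) == entry["sri"]:
        return {"script": name, "status": "ok", "new_hosts": []}
    # Content drifted: list hosts the reviewed version never referenced.
    new_hosts = sorted(hosts_in(body) - set(entry["hosts"]))
    return {"script": name, "status": "changed", "new_hosts": new_hosts}

# Constructed sample data (not taken from the campaign).
GOOD = b'function initPlayer(){load("https://player.example.com/v1/core.js");}\n'
TAMPERED = GOOD + b'var u="https://collector.example.invalid/img";\n'
BASELINE = {"player.js": pin(GOOD)}

if __name__ == "__main__":
    samples = [("player.js", GOOD), ("player.js", TAMPERED), ("ads.js", GOOD)]
    for name, body in samples:
        print(check_script(name, body, BASELINE))
```

A digest mismatch also fires on legitimate vendor updates, so the `new_hosts` list is what helps triage a change that introduces an unfamiliar destination. The same `sha384-` value can be placed in a script tag's `integrity` attribute when the site controls the embed.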