Threat actors have launched a supply-chain attack that uses a cloud video player laced with a data skimmer and has already affected at least 100 Sotheby’s real-estate websites, Threatpost reported, citing a report from Palo Alto Networks’ Unit 42 division.
Researchers found that the skimmer code could harvest data entered on home-showing request pages, including names, phone numbers, and email addresses, which is then sent to a collection server before potentially being used for social-engineering and phishing attacks. The highly polymorphic and evolving skimmer could also have significant ramifications when combined with cloud distribution platforms.
“We have to invent more sophisticated strategies to detect skimmer campaigns of this type, since merely blocking domain names or URLs used by skimmers is ineffective,” the researchers added.