Supply-chain attack hits over 100 real-estate sites

Threat actors have launched a supply-chain attack leveraging a data skimmer-laced cloud video player that has already successfully impacted at least 100 Sotheby’s real-estate websites, Threatpost reported citing a report from Palo Alto Networks’ Unit 42 division. “In skimmer attacks, cybercriminals inject malicious JavaScript code to hack a website and take over the functionality of the site’s HTML form page to collect sensitive user information. In the case of the attacks described here, the attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded with skimmer codes as well,“ said researchers. Researchers found that the skimmer code had the ability to harvest data inputted on home showing request pages, including names, phone numbers, and email addresses, which are then sent to a collection server before potentially being used for social-engineering and phishing attacks. The highly polymorphic and evolving skimmer could also have significant ramifications when combined with cloud distribution platforms. “We have to invent more sophisticated strategies to detect skimmer campaigns of this type, since merely blocking domain names or URLs used by skimmers is ineffective,“ added researchers.