Same hacker group compromises Alpaca Forms and Picreel to deploy malicious code to thousands of sites.
Both hacks were spotted by Sanguine Security founder Willem de Groot earlier today and confirmed by several other security researchers.
Alpaca Forms is an open-source project for building web forms. It was initially developed by the enterprise CMS provider Cloud CMS and open-sourced eight years ago. Cloud CMS still provides a free CDN (content delivery network) service for the project. Hackers appear to have breached this Cloud CMS-managed CDN and modified one of the Alpaca Form scripts.
The malicious code embedded in the Picreel script has been seen on 1,249 websites, while the Alpaca Forms one has been seen on 3,435 domains.
Cloud CMS has intervened and taken down the CDN that was serving the tainted Alpaca Forms script. The company is now investigating the incident and clarified that “there has been no security breach or security issue with Cloud CMS, its customers or its products.” Currently, there is no evidence to contradict that statement, unless Cloud CMS customers loaded the Alpaca Forms script on their own sites themselves.
SUPPLY-CHAIN ATTACKS, A GROWING THREAT FOR WEBSITES
In the past two years, attacks like these have become quite common. Known as supply-chain attacks, they stem from hacker groups realizing that breaching high-profile websites isn’t as simple as it sounds, so they have started targeting the smaller businesses that provide “secondary code” to those websites, and to thousands of others.
They targeted providers of chat widgets, live support widgets, analytics companies, and more.
Motivations vary depending on the group. For example, some groups have hacked third-party companies to deploy cryptojacking scripts, while others have used the same technique to deploy specialized code that steals only data entered in payment forms.
Today’s attack is different because it is quite generic, targeting every form field on a website, regardless of purpose.
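The common thread in both incidents is that a script hosted on a third party's CDN was changed and every site embedding it picked up the change automatically. The defensive control for exactly that failure mode is Subresource Integrity (SRI): a site pins a hash of the script it audited, and the browser refuses to run the file if the served bytes differ. The following is an added example, not code from the article, Cloud CMS, Alpaca Forms or Picreel; it computes SRI values, emits a pinned script tag, and runs the same comparison server-side as a drift monitor so operations staff are alerted when a CDN starts serving something other than what was pinned. The script bodies and URLs are constructed samples, not the real Alpaca Forms or Picreel files.

```python
"""Pin and monitor third-party scripts with Subresource Integrity hashes.

Added example (not from the article or any of the projects it names).
The URL and script contents below are constructed placeholders.
"""
import base64
import hashlib
from typing import Dict, List

# Constructed stand-in for an audited copy of a third-party form library.
ORIGINAL_SCRIPT = b"// constructed form library\nwindow.FormLib = {render: function () {}};\n"
# Constructed stand-in for the same file after a CDN-side modification;
# one appended line is enough to change the hash.
MODIFIED_SCRIPT = ORIGINAL_SCRIPT + b"/* constructed: one appended line */\n"
SCRIPT_URL = "https://cdn.example.invalid/forms/forms.min.js"  # placeholder URL


def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Return the value browsers expect in integrity=: '<algo>-<base64 digest>'."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, body: bytes) -> str:
    """Emit a <script> tag that pins the audited bytes.

    crossorigin="anonymous" is required for the browser to enforce
    the integrity attribute on a cross-origin script.
    """
    return (f'<script src="{src}" integrity="{sri_hash(body)}" '
            'crossorigin="anonymous"></script>')


def check_drift(pinned: Dict[str, str], served: Dict[str, bytes]) -> List[str]:
    """Compare what a CDN currently serves against the pinned SRI values.

    `pinned` maps URL -> SRI value recorded at audit time; `served` maps
    URL -> bytes fetched just now. Returns the URLs whose content no
    longer matches or could not be fetched, for alerting.
    """
    changed = []
    for url, expected in pinned.items():
        body = served.get(url)
        if body is None or sri_hash(body) != expected:
            changed.append(url)
    return sorted(changed)


def baseline() -> Dict[str, str]:
    """Build the pinned baseline from the audited script (constructed sample)."""
    return {SCRIPT_URL: sri_hash(ORIGINAL_SCRIPT)}


if __name__ == "__main__":
    print(script_tag(SCRIPT_URL, ORIGINAL_SCRIPT))
    print("unchanged:", check_drift(baseline(), {SCRIPT_URL: ORIGINAL_SCRIPT}))
    print("drifted:  ", check_drift(baseline(), {SCRIPT_URL: MODIFIED_SCRIPT}))
```

In production the `served` map would come from a scheduled fetch of each pinned URL; a non-empty result from `check_drift` is the signal to block the deploy, page the on-call engineer, or fall back to a self-hosted copy. Note that SRI only protects sites that pin a hash: a site that loads the script without `integrity=` runs whatever the CDN serves, which is why both attacks reached thousands of domains.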