A researcher has discovered a massive cyber attack affecting a large number of e-commerce websites. The hackers deployed malware on 4600 websites by intruding into Picreel and Alpaca Forms, two services whose JavaScript is embedded on those sites. The malicious code embedded on the target websites collected payment data and passwords for the hackers.
Malware On 4600 Websites Stole Data
Researcher Willem de Groot revealed that a massive supply chain attack had occurred. As per his findings, the hackers deployed malware on 4600 websites in order to pilfer sensitive data. He first disclosed the incident publicly in a tweet, noting that the Picreel hack affected over 1200 sites.
Supply chain attack of the week: @Picreel_
marketing software got hacked last night, their 1200+ customer sites are now leaking data to an exfil server in Panama. Victims: https://t.co/0qJX6LGEdG
Decoded malware: https://t.co/ZiuhUBP3cf pic.twitter.com/X9uDIctYa9
— gwillem (@gwillem) May 12, 2019
He then disclosed the CloudCMS hack as well, which affected 3400 websites.
And also hacked: https://t.co/mrotpDAgoG with some 3400 sites. https://t.co/wxR98sdz8t
— Willem de Groot (@gwillem) May 12, 2019
In response to de Groot’s tweet, CloudCMS clarified that the incident affected Alpaca Forms, an open source project.
“We investigated this. It wasn’t related to Cloud CMS but rather to the Alpaca forms open source project.”
They suspected that the hackers might have exploited a ‘basic httpd known vulnerability’ to breach the CDN.
No. The Alpaca CDN was origin backed. It seems like a basic httpd known vulnerability they may have exploited.
— Cloud CMS (@CloudCMS) May 13, 2019
Reportedly, the malicious code running on the affected services pilfered data from the websites and sent it to the hackers. ZDNet reveals that the malware gathered details entered by users on payment or checkout pages, login forms, and contact forms, and then submitted the data to a server in Panama.
Malicious Code Removed
According to recent reports, the matter seems to be nearing resolution. In a tweet, Cloud CMS announced the removal of the infected JS files.
We investigated this. It wasn’t related to Cloud CMS but rather to the Alpaca forms open source project. We removed the free hosting of those infected js files for now. And will get them back online as quick as we can. Thank you for all of the information you provided!
— Cloud CMS (@CloudCMS) May 12, 2019
Later, Willem de Groot also confirmed the removal of the malicious code from both affected services.
Both @Picreel_ and @CloudCMS have removed the malicious code.
— Willem de Groot (@gwillem) May 13, 2019
Cloud CMS also confirmed the integrity of its products in a statement to ZDNet.
“There has been no security breach or security issue with Cloud CMS, its customers or its products.”
Nonetheless, the identity of the hackers and how they succeeded in the breach still remain unknown.
Picreel is a web analytics service that lets website owners monitor user interaction and web activity on their sites in order to boost conversion rates. Customers embed the Picreel JS code on their sites to use the service.
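The two passages above describe the mechanism that made this attack possible: a site owner embeds a vendor's JavaScript, and once the vendor is compromised that script runs on every customer site with full access to the checkout, login and contact forms, and can post what it captures to an arbitrary exfiltration host. The following Node.js script is an added example, not code from the article, from Picreel, Alpaca Forms or Cloud CMS. It audits a page for third-party script tags that load without a Subresource Integrity hash and derives a Content-Security-Policy header whose connect-src and form-action directives stop captured form fields from being sent to an unrelated host. The HTML, the first-party hostname and the vendor CDN hostnames are constructed placeholders, not real sites.

```javascript
// Added example: audit third-party <script src> tags on a page and flag those
// loaded without Subresource Integrity, then build a CSP allowlist.
// All hostnames and the sample HTML below are constructed, not real sites.

const FIRST_PARTY = 'shop.example'; // hypothetical site being audited

// Constructed sample page: one first-party script, one third-party script
// without SRI, one third-party script pinned with an integrity hash, one inline.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.vendor-a.example/widget.js"></script>
<script src="https://cdn.vendor-b.example/forms.min.js"
        integrity="sha384-PLACEHOLDER-HASH" crossorigin="anonymous"></script>
<script>window.dataLayer = [];</script>
</head><body><form id="checkout"><input name="cc"></form></body></html>`;

// Extract every <script ...> opening tag and return its attributes as objects.
function parseScriptTags(html) {
  const tags = [];
  const tagRe = /<script\b([^>]*)>/gi;
  const attrRe = /([a-zA-Z-]+)\s*=\s*("([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    let a;
    while ((a = attrRe.exec(m[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[3] ?? a[4] ?? a[5];
    }
    tags.push(attrs);
  }
  return tags;
}

// A script is third party when its src is absolute and the host differs from ours.
function isThirdParty(src, firstPartyHost) {
  if (!/^https?:\/\//i.test(src) && !src.startsWith('//')) return false; // relative path
  const host = new URL(src.startsWith('//') ? 'https:' + src : src).hostname;
  return host !== firstPartyHost;
}

// Return every third-party script with a flag for whether it carries an SRI hash.
function auditThirdPartyScripts(html, firstPartyHost) {
  return parseScriptTags(html)
    .filter(t => t.src && isThirdParty(t.src, firstPartyHost))
    .map(t => ({
      src: t.src,
      host: new URL(t.src.startsWith('//') ? 'https:' + t.src : t.src).hostname,
      hasIntegrity: typeof t.integrity === 'string' && t.integrity.length > 0,
    }));
}

// Build a CSP that allows scripts only from our own origin plus the audited
// vendor hosts, and allows XHR/fetch and form submissions only to our own origin.
// The connect-src and form-action limits are what block a skimmer inside a
// vendor script from posting captured fields to an unrelated exfil server.
function buildCsp(findings) {
  const scriptHosts = [...new Set(findings.map(f => f.host))].sort();
  return [
    `default-src 'self'`,
    `script-src 'self' ${scriptHosts.join(' ')}`.trim(),
    `connect-src 'self'`,
    `form-action 'self'`,
  ].join('; ');
}

// Run the audit on the constructed page and print a short report.
const report = auditThirdPartyScripts(SAMPLE_HTML, FIRST_PARTY);
for (const f of report) {
  console.log(`${f.hasIntegrity ? 'ok     ' : 'NO SRI '} ${f.src}`);
}
console.log('Suggested CSP:', buildCsp(report));
```

Two caveats a practitioner will hit: an integrity hash only helps when the vendor's script is pinned to a known version, and analytics vendors that push updates to a fixed URL will break under SRI, which is why the CSP connect-src and form-action limits matter even for scripts that cannot be pinned. A CSP also needs a report-uri or report-to endpoint in practice so that blocked requests to an unexpected host show up as an alert rather than silently failing.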