Hackers Deployed Malware On 4600 Websites To Steal User Information

A researcher has discovered a massive cyber attack that seems to have occurred on various e-Commerce websites. The hackers deployed malware on 4600 websites as they intruded into Picreel and Alpaca Forms. The malicious code embedded on the target websites collected payment data and passwords for the hackers.

Malware On 4600 Websites Stole Data

Researcher Willem de Groot revealed a massive hacking attack on a supply chain had occurred. As per his findings, the hackers deployed malware on 4600 websites in order to pilfer sensitive data. He first disclosed the incident publicly in one of his tweets, stating about Picreel hack affecting over 1200 sites.

He then disclosed CloudCMS hack as well, which affected 3400 websites.

In response to de Groot’s tweet, CloudCMS elaborated that incident affected Alpaca Forms – an open source project.

“We investigated this. It wasn’t related to Cloud CMS but rather to the Alpaca forms open source project.”

They suspected that the hackers might have exploited a ‘basic httpd known vulnerability’ to breach the CDN.

Reportedly, the malicious code running on the affected services pilfered data from the websites, and sent them to the hackers. ZDNet reveals that the malware gathered details entered by the users on payment or checkout pages, login forms, and contact forms. It then submitted the data to a server in Panama.

Malicious Code Removed

According to recent reports, the matter seems nearing resolution. In their tweet, Cloud CMS stated about the removal of infected JS files.

Later, Willem de Groot also confirmed the removal of malicious codes from both the affected services.

Cloud CMS also confirmed the integrity of their products in an statement to ZDNet.

“There has been no security breach or security issue with Cloud CMS, its customers or its products.”

Nonetheless, the origin and identity of hackers and the way they succeeded in the breach still remains unknown.

Picreel is a web analytics service that empowers the website owners to monitor user interaction with the site and web activity for boosting conversion rates. The customers have to embed the Picreel JS code on their sites to use the service.

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients