Security News > 2022 > January > Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites

A supply-chain campaign infecting Sotheby's real-estate websites with data-stealing skimmers was recently observed being distributed via a cloud-video platform.

"In skimmer attacks, cybercriminals inject malicious JavaScript code to hack a website and take over the functionality of the site's HTML form page to collect sensitive user information," researchers explained in a Monday posting.

"In the case of the attacks described here, the attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded with skimmer codes as well."

An analysis of the skimmer code showed that it harvests information that victims load into contact pages requesting a home showing, including names, emails and phone numbers.

"The skimmer itself is highly polymorphic, elusive and continuously evolving," researchers warned.

"When combined with cloud distribution platforms, the impact of a skimmer of this type could be very large. For these reasons, attacks like this raise the stakes for security researchers to untangle their sophisticated strategies and trace them to the root cause. We have to invent more sophisticated strategies to detect skimmer campaigns of this type, since merely blocking domain names or URLs used by skimmers is ineffective."

News URL

https://threatpost.com/data-skimmer-sothebys-real-estate-websites/177347/