Security News > 2022 > January > Hackers use video player to steal credit cards from over 100 sites
Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts to steal information inputted in website forms.
In a new supply chain attack discovered by Palo Alto Networks Unit42, threat actors abused a cloud video hosting feature to inject skimmer code into a video player.
In total, Unit42 found over 100 real estate sites compromised by this campaign, showing a very successful supply chain attack.
The cloud video platform involved in the attack allows users to create video players that include custom JavaScript scripts to customize the player.
One such customized video player that is commonly embedded in real estate sites used a static JavaScript file hosted at a remote server.
On the next player update, the video player began serving the malicious script to all real estate sites that already had the player embedded, allowing the script to steal sensitive information inputted into website forms.