Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts to steal information inputted in website forms.
These scripts are known as skimmers or formjackers and are commonly injected into hacked websites to steal sensitive information entered into forms. Skimmers are commonly used on checkout pages for online stores to steal payment information.
In a new supply chain attack discovered by Palo Alto Networks Unit42, threat actors abused a cloud video hosting feature to inject skimmer code into a video player. When a website embeds that player, it embeds the malicious script, causing the site to become infected.