Over 100 real estate websites belonging to the same parent company were injected with web skimmer code through an unnamed cloud video platform. To steal data provided by users on the targeted website the skimmer attacks involve the use of malicious JavaScript code.
As part of this recent campaign, skimmer code was injected into a video so that it was automatically embedded into websites that imported the video. The threat actors provided a script that could be modified upstream, leveraging this function.
Read More: Securityweek
For more such updates follow us on Google News ITsecuritywire News