Substitution of Picreel and Alpaca Forms project code led to the compromise of 4684 sites

Security researcher Willem de Groot reported that, after compromising the projects' infrastructure, attackers were able to insert malicious code into the Picreel web analytics system and into Alpaca Forms, an open platform for generating interactive web forms. The substitution of the JavaScript code led to the compromise of 4684 sites that use these systems on their pages (1249 with Picreel and 3435 with Alpaca Forms).

The embedded malicious code collected the data entered into all web forms on the affected sites, which could also lead to the interception of payment information and authentication parameters. The intercepted information was sent to the font-assets.com server under the guise of an image request. There is no information on exactly how the Picreel infrastructure and the CDN delivering the Alpaca Forms script were compromised. It is only known that during the attack on Alpaca Forms, the scripts delivered through the Cloud CMS content delivery network were substituted. The malicious insert was camouflaged as a data array in the minified version of the script (a decoded version of the code can be viewed here).

Among the users of the compromised projects are many large companies, including Sony, Forbes, Trustico, FOX, ClassesUSA, 3Dcart, Saxo Bank, Foundr, RocketInternet, Sprit and Virgin Mobile. Given that this is not the first attack of its kind (see the incident involving the substitution of the StatCounter counter), site administrators are advised to be very careful about placing third-party JavaScript code on their sites, especially on pages related to payments and authentication.
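
One way to act on this advice is to pin third-party scripts with Subresource Integrity (SRI), so that a browser refuses a file whose bytes were changed on the CDN. The audit below is an added example, not code from the article or from the affected projects; the hosts, file names and script bodies are constructed placeholders, and only sha384 hashes are checked.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

def sri_hash(body: bytes) -> str:
    """SRI value (sha384, base64) that a browser computes for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptAudit(HTMLParser):
    """Collect external scripts served from a host other than the page's own."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # (src, integrity attribute or None)
    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        host = urlparse(attr.get("src") or "").hostname
        if tag == "script" and host and host != self.page_host:
            self.findings.append((attr["src"], attr.get("integrity")))

def audit(html, page_host):
    parser = ScriptAudit(page_host)
    parser.feed(html)
    return parser.findings

def verify(findings, fetched):
    """Label each third-party script 'unpinned', 'ok' or 'mismatch'."""
    status = {}
    for src, integrity in findings:
        if not integrity:
            status[src] = "unpinned"  # a substituted file would run unchecked
        elif sri_hash(fetched[src]) in integrity.split():
            status[src] = "ok"
        else:
            status[src] = "mismatch"  # a browser would refuse to run this file
    return status

# Constructed sample data: hosts, file names and script bodies are placeholders.
ORIGINAL = b"function renderForm(){}"
SUBSTITUTED = ORIGINAL + b"/* bytes changed on the CDN */"
PAGE = f"""<form action="/pay"></form>
<script src="/js/app.js"></script>
<script src="https://cdn.example/forms.min.js" integrity="{sri_hash(ORIGINAL)}" crossorigin="anonymous"></script>
<script src="//stats.example/popup.js"></script>"""

if __name__ == "__main__":
    bodies = {"https://cdn.example/forms.min.js": SUBSTITUTED}
    print(verify(audit(PAGE, "shop.example"), bodies))
```

Pinning only works for versioned files that the vendor does not change in place; scripts that cannot be pinned are the ones to keep off payment and login pages.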

Source: opennet.ru
