Hackers Target Real Estate Websites with Skimmers
Reading Time: 2 minutes


Hackers target real estate websites with skimmers to carry out a supply chain attack on more than 100 real estate websites operated by Sotheby’s Realty. The threat actors inject malicious skimmers on such websites to steal sensitive personal information.

According to Palo Alto Networks’ Unit 42 researchers, “The attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded with skimmer codes as well.”

Bad actors are inserting malicious JavaScript code in targeted websites, mostly on checkout or payment pages; it’s a method called formjacking on shopping and e-commerce portals. It enables them to fabricate valuable information such as credit card details entered by users.

The current events are similar to the Magecart attacks where the bad actors breached the Brightcove account of Sotheby’s. They managed to deploy a malicious code into the player of the cloud video platform by tampering with a script, which could be uploaded to add JavaScript customizations to the video player.

The researchers further said, “The attacker altered the static script at its hosted location by attaching skimmer code. Upon the next player update, the video platform re-ingested the compromised file and served it along with the impacted player.” This also worked with the video service and the real estate company to help remove the malware.

According to MalwareBytes, the campaign started in early January 2021 where the hackers managed to harvest information such as names, emails, phone numbers, credit card data from a remote server “cdn-imgcloud[.]com”. It also functioned as a collection domain for a Magecart attack targeting Amazon CloudFront CDN in June 2019.

Users are recommended to conduct web content integrity checks on a periodic basis to detect and prevent injection of the malicious code into online sites. They should also safeguard accounts from takeover attempts and watch out for potential social engineering schemes.

On a concluding note, the researchers said, “The skimmer itself is highly polymorphic, elusive and continuously evolving.  When combined with cloud distribution platforms, the impact of a skimmer of this type could be very large.”

Related Articles:
SlimPay fined €180k after having 12 million customers’ data publicly accessible for five years.
Fake Telegram Messenger App Hacking PCs with Purple Fox Malware
Apple’s iOS Mobile Operating System is Vulnerable to New HomeKit ‘doorLock’ Bug