Dozens of sites hacked through simple cloud video player


Hackers have found a way to collect data from clients of real estate agencies. They contaminated websites with malicious code embedded in the player of a cloud video platform.


The entry point for many hacks is a weak link located more or less close to the network the hackers are targeting. That is precisely the case with the latest discovery by Unit 42, the research team of the cybersecurity company Palo Alto Networks. Hackers used a cloud-based video player, widely embedded in real estate agency websites, as their vector.

With this technique, they managed to steal the information that the agencies' clients entered on the websites. The scripts used are known as skimmers or formjackers. They steal sensitive information typed into forms, in particular the details needed to make an online payment. In total, Unit 42 found more than 100 real estate sites compromised by this attack. That is not many, but it must not be forgotten that the attackers limited themselves to a single vector: the cloud video player.

Malicious JavaScript code

More precisely, the flaw lies in the platform's JavaScript code that allows the player to be customized. It is this code that was contaminated by a skimmer and then loaded by the agencies' web pages. A client of the agency only had to fill in the forms on the site for all of that data to be recorded and then exfiltrated. Since the discovery, clean-up has been carried out both on the video platform and on the contaminated sites. But the big worry was that it was hard to suspect anything: the attackers had obfuscated their payload well enough that most security solutions could not detect it.
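As an added defensive example (not from the article or from Unit 42's report), the following Python audit shows the check a site owner can run against this kind of third-party script compromise: every external script tag is compared against an allowlist of hosts and a Subresource Integrity hash of the reviewed script, so a silently modified player script no longer loads unnoticed. The hostnames, URLs, allowlist and script bodies are constructed placeholders.

```python
import base64, hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the agency site intentionally loads scripts from (constructed, hypothetical allowlist).
ALLOWED_SCRIPT_HOSTS = {"www.example-agency.test", "player.example-video.test"}
EMBED_URL = "https://player.example-video.test/embed.js"
# Constructed stand-in for the reviewed, known-good bytes of the player's embed script.
REVIEWED_EMBED = b"window.Player = {};"

class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append(dict(attrs))

def sri_hash(script_body: bytes, algo: str = "sha384") -> str:
    """Subresource Integrity value ('<algo>-<base64 digest>') for the exact bytes served."""
    digest = hashlib.new(algo, script_body).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"

def audit_scripts(html: str, known_good: dict) -> list:
    """Flag external scripts that could be swapped for a skimmer without notice.
    known_good maps a script URL to the reviewed bytes of that script."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.scripts:
        src = attrs.get("src")
        if not src:
            continue  # inline scripts are reviewed with the site's own code, not here
        host = urlparse(src).hostname or ""
        if host not in ALLOWED_SCRIPT_HOSTS:
            findings.append((src, "script host not on allowlist"))
        elif not attrs.get("integrity"):
            findings.append((src, "no integrity attribute: a modified script loads unnoticed"))
        elif src in known_good and attrs["integrity"] != sri_hash(known_good[src]):
            findings.append((src, "integrity attribute does not match the reviewed script"))
    return findings

def sample_page(pinned: str) -> str:
    """Constructed agency page: a pinned player script, an unpinned customization script, an unknown host."""
    return (f'<script src="{EMBED_URL}" integrity="{pinned}"></script>\n'
            '<script src="https://player.example-video.test/customize.js"></script>\n'
            '<script src="https://cdn.unknown-host.test/loader.js"></script>')
```

Running `audit_scripts(sample_page(sri_hash(REVIEWED_EMBED)), {EMBED_URL: REVIEWED_EMBED})` flags the unpinned customization script and the unknown host; passing tampered bytes as the known-good body shows how a changed player script is caught by the integrity comparison.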
