Hackers have found a way to collect data from clients of real estate agencies. They contaminated websites with malicious code embedded in the player of a cloud video platform.
With this process, they managed to steal the information entered by the clients of the agencies on the websites. The scripts used are known as skimmers Where formjackers. They make it possible to steal sensitive information entered in forms and in particular the elements which make it possible to make an online payment. In total, Unit 42 found more than 100 real estate sites compromised by this. It is not much, but we must not forget that the were content to use only one vector: the cloud video player.
The flaw comes more precisely from the codeof the platform which allows to personalize the reader. It is this code which was contaminated by a skimmer and who was called by agency web pages. It was enough for the client of the agency to fill in the forms on the site for all of this data to be recorded, then exfiltrated. Since the discovery, the cleaning has been carried out both on the video platform and on contaminated sites. But the big worry was that it was hard to suspect anything. The pirates had sufficiently masked their so that it cannot be detected by most security solutions.