Cloud Video Platform Skimmer Heists Valuable Data From Real Estate Sites

Published: March 31, 2022 on our newsletter Security Fraud News & Alerts Newsletter.



For businesses of all kinds and the IT professionals who keep their data systems safe, this is a heads-up about a cybercrime that’s growing in popularity among the hacking set. It’s a data skimming operation using a cloud video platform. Over one hundred real estate websites were targeted, and clients who filled out forms on the affected sites had that information stolen and possibly set up for future cybercrimes. Experts believe that today, real estate websites are in the crosshairs, but who the victims will be tomorrow is anyone’s guess.


Researchers at Unit42 at Palo Alto Networks first discovered and reported this attack is happening on real estate websites, all belonging to the same parent company. They also found the cloud video platforms have the same infected video imported by the same compromised websites. Analyzing the code, Unit42 found the skimmer gathers names, phone numbers, email addresses, and credit card numbers (if requested) from the forms and sends it all to a data collection center.


The video, along with its malicious scripts, is the tool of choice and the video cloud platform is how it’s distributed. The video is modified to act as a data skimmer, also called formjacking, for the completed real estate forms. Unit42 notes it’s not just this information they’re concerned about, saying “We're publishing this piece to alert organizations and web surfers of the potential for supply chain attacks to infect legitimate websites without the knowledge of those organizations.”


From the Cloud to the Crime


For this cybercrime, bad actors created a cloud platform video putting modified, malicious skimming JavaScript into the video. With the next player update, the video sends the malicious script to the target. As a website using the embedded player, the malicious script can infect the entire website. Any website importing the video gets infected, and the skimmer script steals PII on the forms.


Unit42 also cautions those in charge, business owners, and IT pros, about avoiding this latest skimming attack, saying “For website administrators, it is advisable to safeguard any accounts, avoid theft by phishing or social engineering, and manage permissions well. Also, we highly recommend conducting web content integrity checks on a regular basis. This can help detect and prevent injection of malicious code into the website content.”


Anti-Phishing Tips-You Know What To Do:

  • Don’t click links or attachments from unknown senders or that are not expected.

  • Keep an eye out for grammar, spelling, and language use mistakes. Many phishers are not native-English speakers.

  • If the graphics look blurry, it could be your screen (or your eyes), but it also could be a phishing site.

  • When in doubt, confirm with the sender by using the phone, a text, or a personal visit, if you happen to be co-located. If you still aren’t sure the links or attachments are safe, just delete them for safety.


Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com

2 views0 comments