Hackers are said to have broken into the analytics service Picreel and the open source project Alpaca Forms. They reportedly modified JavaScript files on the infrastructure of the two companies to add malicious code to over 4,600 websites.

The attack is still active, security researchers told ZDNet, and the rogue scripts are still live. Both attacks were discovered by Willem de Groot, founder of Sanguine Security, and have been confirmed by various other security researchers.

Picreel is an analytics service that allows website owners to record what users do and how they interact with a website, in order to analyse behavioural patterns and increase success rates. Picreel customers must add a piece of JavaScript code to their website in order for the service to do its job. That is the script that has now been compromised and to which malicious code has been added.

Alpaca Forms is an open source project for building forms on the internet, developed by Cloud CMS. That company still offers a free content delivery network (CDN) service for the project, and it is this CDN that has now been hacked. The cybercriminals have modified one of the Alpaca Forms scripts.

Thousands of websites

How the hackers managed to get into Picreel and the Alpaca Forms CDN is unclear. However, De Groot says the hacks appear to have been carried out by one and the same group.

The malicious code logs everything that users enter into form fields and sends the information to a server in Panama. This includes data that users enter into payment pages, contact forms and login fields. The malicious code in the Picreel script was found on 1,249 websites. The modified Alpaca Forms code has been observed on 3,435 domains.

Cloud CMS has already taken action and taken the CDN that served the affected scripts offline. The company is now investigating the incident and says that there has been no “hack or security problem with Cloud CMS, its customers or its products”. There is also no evidence to suggest such a breach.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.