The attack is still active, security researchers told ZDNet, and the rogue scripts are still live. Both attacks were discovered by Willem de Groot, founder of Sanguine Security, and have been confirmed by various other security researchers.
Alpaca Forms is an open source project for building web forms, developed by Cloud CMS. That company still offers a free content delivery network (CDN) service for the project, and that CDN has now been hacked. The cybercriminals have modified one of the Alpaca Forms scripts.
Thousands of websites
How the hackers managed to get into Picreel and the Alpaca Forms CDN is unclear. However, De Groot says the hacks appear to have been carried out by one and the same group.
The malicious code logs everything that users enter into form fields and sends the information to a server in Panama. This includes data that users enter into payment pages, contact forms and login fields. The malicious code in the Picreel script was found on 1,249 websites. The modified Alpaca Forms code has been observed on 3,435 domains.
Cloud CMS has already taken action and taken the CDN that offered the affected scripts offline. The company is now investigating the incident and says that there has been no “hack or security problem with Cloud CMS, its customers or its products”. There’s no evidence to suggest this either.
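Sites were exposed here because they ran whatever script the third-party CDN served. As an added example (not from the article or from the researchers), the Python below audits a page's third-party script tags using Subresource Integrity hashes and reports which ones are unpinned, intact or modified; the hosts, paths, script bodies and result labels are all constructed for this illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

def sri_for(body, algo="sha384"):
    """Build an SRI token (algo-base64digest) for known-good script bytes."""
    return algo + "-" + base64.b64encode(hashlib.new(algo, body).digest()).decode()

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def audit(html, site_host, served):
    """Label third-party scripts; served maps URL -> bytes the CDN returns now."""
    collector = ScriptCollector()
    collector.feed(html)
    report = {}
    for src, integrity in collector.scripts:
        host = urlparse(src).hostname
        if host is None or host == site_host:
            continue  # relative or first-party script: out of scope here
        tokens = (integrity or "").split()
        algos = {t.split("-", 1)[0] for t in tokens} & {"sha256", "sha384", "sha512"}
        if not algos:
            report[src] = "unpinned"  # browser runs whatever the CDN serves
        elif any(sri_for(served[src], a) in tokens for a in algos):
            report[src] = "ok"  # simplification: any listed hash may match
        else:
            report[src] = "modified"  # served bytes differ from the pinned release
    return report

# Constructed sample data: hosts, paths and script bodies are made up.
GOOD = b"function renderForm(el) { el.hidden = false; }\n"
TAMPERED = GOOD + b"/* appended code that was not in the reviewed release */\n"
PINNED = "https://cdn.example.net/forms/forms.min.js"
PAGE = f"""<html><head>
<script src="/static/app.js"></script>
<script src="{PINNED}" integrity="{sri_for(GOOD)}" crossorigin="anonymous"></script>
<script src="https://cdn.example.org/popup/widget.js"></script>
</head></html>"""

if __name__ == "__main__":
    print(audit(PAGE, "shop.example.com", {PINNED: TAMPERED}))
```

A browser that supports Subresource Integrity refuses to execute a script whose bytes do not match the `integrity` value, so the "unpinned" entries are the ones a CDN-side modification would reach.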