Home / Early Warning / Cybersecurity Highlights / Thousands of websites infected for the purpose of collecting users information

Thousands of websites infected for the purpose of collecting users information

05/12/2019

Willem de Groot, researcher at Sanguine Security, has discovered that a group of cyberattackers have managed to take control of two web add-ons: the Picreel web analytics service and the Alpaca Forms open source web form creation project, modifying the JavaScript files in the infrastructure of these two companies to add malicious code to the thousands of websites that use it.

The attackers discovered that both complements were insecure and allowed the insertion of malicious code, so they used their own code to obtain information from users of the websites that implement them, including passwords and payment data, which is being filtered to an external server located in Panama. Therefore, it is necessary to clarify that the webs have not been hacked, but the complements Priceel and Alpaca Forms.

The creators of these add-ons have already removed the malicious code but, until then, it is estimated that more than 4,600 web pages have been compromised in this way, spread between 1,249 Picreel and 3,435 Alpaca Forms.