Two recent supply-chain attacks have allowed hackers to collect the payment info and user passwords of more than 4,600 websites.
According to ZDNet, the supply-chain attacks were spotted by Twitter user and Sanguine Security forensic analyst Willem de Groot and were still considered ongoing as of Sunday, May 12.
However, as ZDNet notes, that conclusion doesn’t seem to be supported by any proof. Also, the code found in the Alpaca Forms attack has been spotted on 3,435 sites. And the malicious code found in the Picreel attack was reportedly spotted on 1,249 websites so far.
It is currently unclear who the hackers are. However, it was reported by de Groot via Twitter on Monday, May 13 that the malicious code has finally been removed by Picreel and Cloud CMS.
- ZombieLoad is Meltdown resurrected. Here’s how to secure your PC right now
- After fourth attack, hacker puts personal records of 26M people up for sale
- 2 million diners hit by malware attack at restaurants across U.S.
- Hackers broke into Outlook.com using worker’s credentials, Microsoft says
- Own an Asus computer? Malware might be hiding in your system