Hackers use video player to steal credit cards from over 100 sites



These scripts are known as skimmers or formjackers and are commonly injected into hacked websites to steal sensitive information entered into forms.

Skimmers are commonly used on checkout pages for online stores to steal payment information. This stolen information is then sent back to an attacker-controlled server

Content-Security-Policy: default-src 'self'; form-action 'self';

Now it's way harder / less stealthy to send back anything.

Send the collected data to the C2 (https://cdn-imgcloud[.]com/img) by creating an HTML tag and filling the image source with the server URL.

So basically the attack fails if your website's responses include a CSP header containing for example img-src 'self'; or default-src 'self'; (img-src is 'included' in default-src).

It's 2022 and websites are still vulnerable to that kind of stuff, ridiculous. No wonder why most websites still score a D or even an F on https://observatory.mozilla.org/...

Too bad the bleepingcomputer article does not even mention CSP as a solution.
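To make the CSP point above concrete, here is a small policy evaluator (an added example, not code from the thread, the article, or any browser). It parses a Content-Security-Policy header value and decides whether an image load or a form submission to a given URL would be permitted, using the spec's rule that img-src falls back to default-src while form-action does not. The page origin shop.example and the C2 stand-in cdn-imgcloud.example are constructed placeholders; the latter stands in for the defanged cdn-imgcloud[.]com domain quoted earlier in the thread.

```python
"""Minimal Content-Security-Policy evaluator (added example, not from the thread).

Supports a subset of source expressions: 'none', 'self', '*', scheme sources
(https:), wildcard hosts (*.example) and plain host sources (https://cdn.example).
"""
from urllib.parse import urlparse

# Fetch directives that fall back to default-src when not set explicitly.
# form-action deliberately is NOT in this set: per the spec it has no fallback.
FALLS_BACK_TO_DEFAULT = {
    "img-src", "script-src", "connect-src", "style-src",
    "font-src", "media-src", "frame-src", "object-src",
}

# Constructed placeholders (not real hosts).
PAGE_ORIGIN = "https://shop.example"
C2_IMAGE_BEACON = "https://cdn-imgcloud.example/img?d=base64payload"


def parse_csp(header: str) -> dict:
    """Parse a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def origin_of(url: str) -> str:
    u = urlparse(url)
    return f"{u.scheme}://{u.netloc}".lower()


def source_matches(expr: str, page_origin: str, request_url: str) -> bool:
    """Check one source expression against a request URL (subset of the spec)."""
    if expr == "'none'":
        return False
    if expr == "'self'":
        return origin_of(request_url) == page_origin.lower()
    if expr == "*":
        return True
    if expr.endswith(":"):  # scheme source, e.g. "https:"
        return request_url.lower().startswith(expr.lower())
    if expr.startswith("*."):  # wildcard host, e.g. "*.example"
        host = urlparse(request_url).hostname or ""
        return host.endswith(expr[1:].lower())
    # Host source; if the scheme is omitted the page's scheme is assumed.
    if "://" not in expr:
        expr = page_origin.split("://")[0] + "://" + expr
    return origin_of(request_url) == origin_of(expr)


def is_allowed(header: str, directive: str, page_origin: str, request_url: str) -> bool:
    """True if the browser would permit `request_url` for `directive` under `header`."""
    policy = parse_csp(header)
    sources = policy.get(directive)
    if sources is None and directive in FALLS_BACK_TO_DEFAULT:
        sources = policy.get("default-src")
    if sources is None:
        return True  # no applicable directive: nothing is restricted
    return any(source_matches(s, page_origin, request_url) for s in sources)


def skimmer_exfil_outcome(header: str) -> dict:
    """Summarise the two exfiltration paths discussed in the thread under a given policy."""
    return {
        "image_beacon_to_c2": is_allowed(header, "img-src", PAGE_ORIGIN, C2_IMAGE_BEACON),
        "form_post_to_c2": is_allowed(header, "form-action", PAGE_ORIGIN, C2_IMAGE_BEACON),
    }


if __name__ == "__main__":
    print("no CSP:      ", skimmer_exfil_outcome(""))
    print("thread's CSP:", skimmer_exfil_outcome("default-src 'self'; form-action 'self'"))
```

Running it shows both exfiltration paths permitted with no header and both refused with the header quoted in the thread. The evaluator ignores nonces, hashes and the 'unsafe-*' keywords, which do not matter for these two directives; it is a policy sanity check, not a replacement for testing in a browser.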

Unit42 researchers believe those threat actors gained access to the upstream JavaScript file and modified it to include a malicious skimmer script

Add the integrity attribute to your script tags, especially if they are loading third-party src. Won't help if the malicious code was already in the package when the hash was generated though.

Interesting article about supply chain attacks mitigation: https://www.troyhunt.com/the-javascript-supply-chain-paradox-sri-csp-and-trust-in-third-party-libraries/
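As an added illustration of the integrity attribute and its caveat (example code, not from the thread or the linked article): the block below computes a Subresource Integrity value the way the browser does (hash of the exact bytes, base64, prefixed with the algorithm), emits the matching script tag, and emulates the browser's verification, including the rule that only hashes of the strongest listed algorithm are consulted. The script bytes and the "injected" suffix are constructed sample data; the vendor URL is a placeholder.

```python
"""Subresource Integrity (SRI) helper and verifier (added example, not from the thread)."""
import base64
import hashlib

# Constructed sample data: a benign upstream script and a tampered copy.
ORIGINAL_JS = b"window.player = {version: '1.0'};\n"
TAMPERED_JS = ORIGINAL_JS + b"/* bytes appended after the hash was published */\n"

# Only these algorithms are recognised by SRI; unknown ones are ignored by browsers.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return the integrity metadata for `content`, e.g. 'sha384-<base64 digest>'."""
    if algo not in STRENGTH:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes, algo: str = "sha384") -> str:
    """Build the <script> tag to embed; crossorigin is required for cross-origin SRI checks."""
    return (f'<script src="{src}" integrity="{sri_hash(content, algo)}" '
            f'crossorigin="anonymous"></script>')


def verify_sri(integrity: str, content: bytes) -> bool:
    """Emulate the browser check: pick the strongest algorithm present, pass if any
    of its hashes matches the fetched bytes. Metadata with no usable entries
    imposes no check, exactly as a missing attribute would."""
    entries = []
    for token in integrity.split():
        algo, sep, _ = token.partition("-")
        if sep and algo in STRENGTH:
            entries.append((algo, token))
    if not entries:
        return True
    strongest = max(STRENGTH[a] for a, _ in entries)
    return any(STRENGTH[a] == strongest and sri_hash(content, a) == token
               for a, token in entries)


def tag_holds_against(content: bytes, tag_integrity: str) -> bool:
    """Convenience wrapper used in the demo below."""
    return verify_sri(tag_integrity, content)


if __name__ == "__main__":
    pinned = sri_hash(ORIGINAL_JS)
    print(script_tag("https://vendor.example/player.js", ORIGINAL_JS))  # placeholder URL
    print("original verifies:", verify_sri(pinned, ORIGINAL_JS))   # True
    print("tampered verifies:", verify_sri(pinned, TAMPERED_JS))   # False
    # The caveat from the thread: a hash generated over an already-modified file
    # pins the modified file, so it passes.
    print("hash of tampered file verifies tampered file:",
          verify_sri(sri_hash(TAMPERED_JS), TAMPERED_JS))       # True
```

The last line is the point the comment above makes: SRI pins whatever bytes you hashed, so the hash must be generated from a copy you have reviewed, and the tag has to be regenerated every time the upstream file legitimately changes, which is why it pairs naturally with pinned, versioned URLs rather than "latest" endpoints.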
