Hackers breach Picreel, CloudCMS, affecting over 4,600 websites

Hackers have breached two services and infected over 4,600 websites with malware by modifying their JavaScript code, according to cybersecurity researchers.

In a series of tweets, a researcher said that Picreel, an analytics service that enables website owners to see what users are doing and how they interact with a website, was hacked last week.

“Their 1200+ customer sites are now leaking data to an exfil server in Panama,” he said.

Later, the same researcher said in another tweet that CloudCMS.com had also been hacked, affecting some 3,400 websites. Its content delivery network (CDN) had been breached, allowing hackers to modify one of its Alpaca Forms scripts. Alpaca Forms is an open source project that lets website owners create web forms.

It is not known how hackers breached either service.

Reports say that CloudCMS has taken down the affected CDN serving the compromised Alpaca Forms script and that the incident is under investigation. Reports also say that both Picreel and CloudCMS have removed the malicious code from their services.

This is the latest in a series of efforts by hackers to compromise websites through their use of open source components. The 2019 OSSRA report observed that open source components were in use in 96 percent of the audited applications, because application development teams focus on their unique code and leave the plumbing and foundation to shared components from the open source community. Malicious actors then take advantage of this dynamic by targeting those shared components.
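
Both incidents involved a script changed at the third-party host rather than on the customer sites. One defender-side check is to pin each externally hosted script to a known-good digest (Subresource Integrity) and audit pages for unpinned tags. This is an added example, not code from the article or the affected services; the host names, page and script bodies are constructed.

```javascript
// Added example: audit a page's third-party <script> tags against SRI pins.
const crypto = require('node:crypto');

// Subresource Integrity value for a script body, e.g. "sha384-<base64>".
function sriDigest(body, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(body, 'utf8').digest('base64')}`;
}

// List <script src> tags served from another origin, with their integrity pin.
function externalScripts(html, pageOrigin) {
  const found = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag);
    if (!src) continue;                       // inline script, not a remote dependency
    const url = new URL(src[1], pageOrigin);
    if (url.origin === pageOrigin) continue;  // first-party file
    const pin = /\bintegrity\s*=\s*["']([^"']+)["']/i.exec(tag);
    found.push({ url: url.href, integrity: pin ? pin[1] : null });
  }
  return found;
}

// Classify each third-party script against the body the host serves now.
// Simplification: any listed digest may match (browsers prefer the strongest).
function auditPage(html, pageOrigin, fetchedBodies) {
  return externalScripts(html, pageOrigin).map(({ url, integrity }) => {
    if (!integrity) return { url, status: 'unpinned' };
    const ok = integrity.trim().split(/\s+/)
      .some((p) => p === sriDigest(fetchedBodies[url] ?? '', p.split('-')[0]));
    return { url, status: ok ? 'match' : 'modified' };
  });
}

// Constructed sample: one pinned and one unpinned third-party script.
const ORIGIN = 'https://shop.example';
const goodForms = 'window.forms={render(){}};';
const PAGE = `<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.forms.example/forms.min.js" integrity="${sriDigest(goodForms)}" crossorigin="anonymous"></script>
<script src="https://analytics.example/track.js"></script>
</head></html>`;
// Bodies as served after a constructed host-side modification.
const SERVED = {
  'https://cdn.forms.example/forms.min.js': goodForms + '/* appended */',
  'https://analytics.example/track.js': 'window.track=function(){};/* appended */',
};
console.log(auditPage(PAGE, ORIGIN, SERVED));
```

A browser refuses to execute the pinned script once its body changes, while the unpinned one runs whatever the host returns, so the `unpinned` entries are the ones to fix first.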