Keyloggers Injected in Web Trust Seal Supply Chain Attack

Keyloggers Injected in Web Trust Seal Supply Chain Attack


Hackers compromised the script used by Best of the Web to display their trust seal on their customers' websites and to add two key logging scripts designed to sniff keystrokes from visitors.


As Sanguine Security researcher Willem de Groot found out, "The security seal as sold by @bestoftheweb contains even 2 different keystroke loggers. One was added on Apr 24th, the other last week."


After de Groot disclosed his discovery to Best of the Web, the company confirmed that their trust seal script which was hosted on Amazon’s content delivery network (CDN) was indeed hacked.


In addition, the company stated that it took immediate action to fix the issue and all customers impacted by the compromised script were being contacted.


As Best of the Web Trust Seal Team said in an email to BleepingComputer:‏ 



Earlier today, we were notified that the script we use to display trust seals that we host on Amazon’s content delivery network (CDN) was compromised. We took immediate action to remedy the situation and are in the process of informing those who were affected. We will be conducting a full security audit of our hosted accounts to ensure that this does not happen again.



The keystroke logging scripts found by the researcher were encoded but de Groot managed to decode them, with the decoded versions of the JavaScript-based keyloggers being available on GitHub Gist and the obfuscated versions HERE.


A list of ..