Hackers collect payment and password info from more than 4,600 sites.
According to ZDNet, the supply-chain attacks were spotted by Twitter user and Sanguine Security forensic analyst Willem de Groot and were still considered ongoing as of Sunday, May 12.
However, as ZDNet notes, that conclusion doesn’t seem to be supported by any proof. Also, the code found in the Alpaca Forms attack has been spotted on 3,435 sites. And the malicious code found in the Picreel attack was reportedly spotted on 1,249 websitesso far.
It is currently unclear who the hackers are. However, it was reported by de Groot via Twitter on Monday, May 13 that the malicious code has finally been removed by Picreel and Cloud CMS.