Cybercriminal has breached Open source Alpaca Forms and analytics service Picreel and infected over 4,600 websites with malicious code.
The attacks were first spotted by security researcher Willem de Groot, founder of Sanguine Security.
Picreel is an analytic service which helps users to improve their website performance by analysing customer behaviours patterns.
Alpaca Forms is an open-source project supported by Cloud CMS and is used to create interactive HTML5 forms for web and mobile applications.
Hacker may have breached the CDN (content delivery network) of Cloud CMS and modified one of the Alpaca Form scripts.
The malicious script records all the data user enter in the form fields and sends to a server located in Panama.
The stolen data includes the data from contact forms, payment and login pages.
It is still unknown how the hackers infiltrated into both companies. According to the researcher, the threat actor behind both attacks is the same person.
ZDNet has notified the companies about the issue and Cloud CMS responded by saying they have disabled the CDN that was serving the modified Alpaca Form scripts.
At the time of writing Picreel has also removed the malicious codes from their files.
You may be interested in reading: New Emotet Trojan Variant Uses Compromised Devices as Proxy C&C Servers