Feedify
Feedify push notification script compromised.
Feedify, a push notification service provider, had its JavaScript library compromised. Attackers injected malicious code into the script served to Feedify's customers. This skimmer code was then loaded on the websites of numerous businesses using Feedify, attempting to steal payment card details from their end-users.
- Date
- 2018-09-01 to 2018-11-01
- Category
- Commercial
- Target Surface
- Distribution
- Insertion Phase
- dependency
- Impact
- Credential theft
- Cause
- Compromised third-party script
What Was Affected
Package
Feedify
LanguageJavaScript
ComponentScript
Artifact typesource archive
Domain typeproject download host
Domain
feedify.net
Incident Context
- Motive
- Financial gain
- Attribution
- Cybercriminal Gang
- Transitive
- Yes
- User Impact
- 4000
- Observed Duration
- 61 days
Evidence
Compromised Artifacts
Current Artifacts and Analysis
Source Data
Source record: proprietary/feedify/meta.yaml