Picreel (via pop-up script)
Picreel pop-up script delivered skimmer.
Picreel, a service for conversion tools such as exit pop-ups, had its hosted JavaScript compromised. Attackers modified the script served to customer sites and injected a credit card skimmer, turning a marketing widget into payment-card theft wherever clients embedded it.
- Date: 2019-01-01 to 2019-05-01
- Category: Commercial
- Target Surface: Distribution
- Insertion Phase: dependency
- Impact: Credential theft
- Cause: Compromised third-party script
What Was Affected
- Package: Picreel (via pop-up script)
- Language: JavaScript
- Component: Script
- Artifact type: source archive
- Domain type: project download host
- Domain: picreel.com
Incident Context
- Motive: Financial gain
- Attribution: Cybercriminal Gang
- Transitive: Yes
- Observed Duration: 120 days
Evidence
Compromised Artifacts
- Compromised JavaScript files served by Picreel to its clients via picreel.com, active around early 2019.
Current Artifacts and Analysis
- https://medium.com/sanguine-security-labs/popular-analytics-service-picreel-hacked-to-skim-credit-cards-f88b39905502 # Original Sanguine Labs (Sansec) analysis (Link confirmed dead, needs alternative or removal)
- https://www.bleepingcomputer.com/news/security/picreel-conversion-platform-hacked-to-steal-credit-cards/ # BleepingComputer report (Link confirmed dead, needs alternative or removal)
External References
- https://medium.com/sanguine-security-labs/popular-analytics-service-picreel-hacked-to-skim-credit-cards-f88b39905502 # Original Sanguine Labs (Sansec) analysis (Link confirmed dead, needs alternative)
- https://www.bleepingcomputer.com/news/security/picreel-conversion-platform-hacked-to-steal-credit-cards/ # BleepingComputer report (Link confirmed dead, needs alternative)
Source Data
Source record: proprietary/picreel/meta.yaml