Supply Chain Attack Hits Best of the Web Website
Earlier this week, a security researcher discovered that threat actors injected keyloggers into the Best of the Web trust seal that has been issued to over a 100 websites. Keyloggers are malware designed to steal user information by recording keystrokes. Often they also have other data stealing capabilities, such as grabbing stored cookies and taking screenshots on a compromised system.
Ironically, websites can apply for the Best of the Web seal to show customers that they are trustworthy and safe, but due to the compromise of the seal the websites displaying it are now actually putting users at risk. Best of the Web says it has launched an investigation into the incident and is informing the affected websites.