Okendo Reviews Supply Chain Attack

June 18, 2026, 8:37 p.m.

Description

On May 14, 2026, a supply chain attack was discovered targeting the Okendo Reviews widget, a customer review platform used by over 18,000 brands. The threat actor injected malicious JavaScript code into the legitimate widget, which is deployed on high-traffic e-commerce pages including storefronts and product pages. The compromised JavaScript acted as a staged loader, using obfuscation, localStorage tracking, User-Agent filtering, and XOR-based decoding to conceal next-stage infrastructure. The attack employed ClickFix-style social engineering to deceive users into executing malicious commands, ultimately delivering remote access trojans like NetSupport and Remcos, or information stealers such as StealC. Affected websites received hundreds of thousands to millions of monthly visitors, with nearly 15,000 blocks recorded in a single day.

External References

https://otx.alienvault.com/pulse/6a3408141101549b20c17550
https://www.zscaler.com/blogs/security-research/smartapesg-launches-okendo-reviews-supply-chain-attack
Tags
remcos
netsupport
stealc
clickfix
netsupport rat
supply chain attack
javascript injection
smartapesg
smartrat
2026-06-18
okendo reviews
sectop rat

Date

  • Created: June 18, 2026, 3 p.m.
  • Published: June 18, 2026, 3 p.m.
  • Modified: June 18, 2026, 8:37 p.m.

Indicators

  • http://cdn-static.okendo.io/reviews-widget-plus/js/okendo-reviews.js
  • https://api.wizzleticks.com/claims/scope-schema.php?4ManBBdA
  • https://api.wigetticks.com/logout/private-response.php?8D1V4th3
Download all indicators here!

Attack Patterns

  • SmartRAT
  • StealC
  • Sectop RAT
  • NetSupport
  • Remcos
  • SmartApeSG

Additional Informations

  • Retail