THREAT OPS › Threat News › SmartApeSG Launches Okendo Reviews Supply Chain Attack
SmartApeSG Launches Okendo Reviews Supply Chain Attack
IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered malicious JavaScript code embedded in a legitimate reviews widget found on numerous websites. Our analysis revealed that the affected component was the Okendo Reviews widget, a popular customer review platfo
MITRE ATT&CK techniques
Indicators of compromise
- http://cdn-static.okendo.io/reviews-widget-plus/js/okendo-reviews.jshxxps://api.wigetticks.com/logout/private-response.php?8D1V4th3url
- https://api.wizzleticks.com/claims/scope-schema.php?4ManBBdAurl