Hackers compromised the script used by Best of the Web to display their trust seal on their customers’ websites and to add two key logging scripts designed to sniff keystrokes from visitors. The company confirmed the script which was hosted on Amazon s content delivery network (CDN) was indeed hacked. Over 100 of the websites where the compromised trust seal script is present can be found via a PublicWWW scan, with over 100 of them still linking to compromised versions of the script.
Source: https://www.bleepingcomputer.com/news/security/keyloggers-injected-in-web-trust-seal-supply-chain-attack/