Hackers compromised the script used by Best of the Web to display their trust seal on their customers’ websites and to add two key logging scripts designed to sniff keystrokes from visitors. […]

from https://www.bleepingcomputer.com/news/security/keyloggers-injected-in-web-trust-seal-supply-chain-attack/