Hackers Use Popular Web Analytics Tool to Steal Online Shoppers’ Payment Information
Threat actors are now targeting the Google Analytics service to harvest data entered by users. As the victims are generally online stores based in Europe and the Americas that sell cosmetics, food products, digital equipment, and spare parts, the stolen information includes their shoppers’ credit card details.
To perform an attack, evildoers inject malicious code into websites of interest to them. The code harvests all the data entered by visitors and sends it through Google Analytics to the hackers’ own Analytics accounts. According to a dedicated report by cybersecurity firm Kaspersky, there are around two dozen infected sites globally.
Collecting Everything Anyone Enters
“To make the data flow to a third-party resource less visible, fraudsters often register domains resembling the names of popular web services, and in particular, Google Analytics (google-anatytics[.]com, google-analytcsapi[.]com, google-analytc[.]com, google-anaiytlcs[.]com, google-analytics[.]top, google-analytics[.]cm, google-analytics[.]to, google-analytics-js[.]com, googlc-analytics[.]com, etc.). But attacks of this kind were also found to sometimes use the authentic service,” the report further explains.
To disguise their malicious activity, cybercriminals are using an anti-debugging technique. They also leave themselves a loophole to monitor the script in Debug mode.
“If the anti-debugging is passed, the script collects everything anyone inputs on the site (as well as information about the user who entered the data: IP address, UserAgent, time zone). The collected data is encrypted and sent using the Google Analytics Measurement Protocol,” the Kaspersky report reads.
The names of the affected online stores have not been disclosed yet, though.
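The lookalike domains quoted from the report can be caught by comparing each hostname a page loads scripts from against the genuine Google Analytics host. The following is an added example, not code from Kaspersky or from the article; the distance threshold, the function names and the sample HTML are assumptions made for illustration.

```javascript
// Added example. MAX_DISTANCE and SAMPLE_HTML are assumptions made for this sketch.
const BRAND = "google-analytics";
const LEGIT_SUFFIX = "google-analytics.com";
const MAX_DISTANCE = 4; // catches every lookalike quoted in the report
// Lookalike domains quoted in the report, kept defanged.
const REPORTED = ["google-anatytics[.]com", "google-analytcsapi[.]com", "google-analytc[.]com",
  "google-anaiytlcs[.]com", "google-analytics[.]top", "google-analytics[.]cm",
  "google-analytics[.]to", "google-analytics-js[.]com", "googlc-analytics[.]com"];
// Constructed sample page: genuine tag, lookalike tag, unrelated script.
const SAMPLE_HTML = `<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="//google-anatytics[.]com/ga.js"></script>
<script src="https://cdn.shop.example/cart.js"></script>`;

// Levenshtein edit distance, two-row dynamic programming.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Lower-case, refang "[.]" and drop a trailing dot.
function normalizeHost(host) {
  return host.trim().toLowerCase().replace(/\[\.\]/g, ".").replace(/\.$/, "");
}

// Returns "legitimate", "lookalike" or "unrelated" for one hostname.
function classifyHost(rawHost) {
  const host = normalizeHost(rawHost);
  if (host === LEGIT_SUFFIX || host.endsWith("." + LEGIT_SUFFIX)) return "legitimate";
  // Compare every label except the TLD, so wrong-TLD and subdomain tricks are caught too.
  const imitates = host.split(".").slice(0, -1).some(
    (label) => label.includes(BRAND) || editDistance(label, BRAND) <= MAX_DISTANCE);
  return imitates ? "lookalike" : "unrelated";
}

// Pull hosts out of <script src> attributes (regex is a simplification, not an HTML parser).
function findLookalikeScripts(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["']?(?:https?:)?\/\/([^\/"'\s>:]+)/gi;
  return [...html.matchAll(re)].map((m) => normalizeHost(m[1]))
    .filter((host) => classifyHost(host) === "lookalike");
}

console.log(REPORTED.map(classifyHost), findLookalikeScripts(SAMPLE_HTML));
```

A hostname check like this only covers the lookalike variant. As the report notes, some of these attacks send data through the authentic service, and an allow-list that trusts the real Google Analytics host does not stop those.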
Google Services Hit by Cyber Attacks
Google-related fraudulent activities have increased in number over the past months. As of May, Google’s Chrome Web Store was reportedly hit with the most massive surveillance campaign so far, which managed to steal data from users around the world through over 32 million downloads of malicious extensions.
Once downloaded, those extensions can collect passwords and credential tokens stored in cookies or parameters, take screenshots, and read the clipboard.
Also last month, cybersecurity researchers detected a modified version of ComRAT malware, which now targets Gmail users to steal confidential documents. In addition to misappropriation of documents, the trojan collects information about the network, Microsoft Windows configurations, and the Active Directory groups or users.