Hackers Use Popular Web Analytics Tool to Steal Online Shoppers’ Payment Information
Threat actors are now abusing the Google Analytics service to harvest data entered by users. Because the victims are mostly online stores in Europe and the Americas that sell cosmetics, food products, digital equipment, and spare parts, the stolen information includes their shoppers’ credit card details.
To perform an attack, evildoers inject malicious code into the websites they target; the code harvests all the data entered by visitors and sends it through Google Analytics to the hackers’ own Analytics accounts. According to a dedicated report by cybersecurity firm Kaspersky, there are around two dozen infected sites globally.
Collecting Everything Anyone Enters
“To make the data flow to a third-party resource less visible, fraudsters often register domains resembling the names of popular web services, and in particular, Google Analytics (google-anatytics[.]com, google-analytcsapi[.]com, google-analytc[.]com, google-anaiytlcs[.]com, google-analytics[.]top, google-analytics[.]cm, google-analytics[.]to, google-analytics-js[.]com, googlc-analytics[.]com, etc.). But attacks of this kind were also found to sometimes use the authentic service,” the report further explains.
To disguise their malicious activity, cybercriminals are using an anti-debugging technique. They also leave themselves a loophole to monitor the script in Debug mode.
“If the anti-debugging is passed, the script collects everything anyone inputs on the site (as well as information about the user who entered the data: IP address, UserAgent, time zone). The collected data is encrypted and sent using the Google Analytics Measurement Protocol,” the Kaspersky report reads.
The names of the affected online stores have not been disclosed yet, though.
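A defender-side check for the lookalike domains named in the report, added here as an example (it is not code from Kaspersky or from the original article): it classifies the hosts a page loads scripts from and flags any whose name is within two edits of `google-analytics` or reuses it under another TLD. The function names, the two-edit threshold and the sample HTML are assumptions made for this example, and comparing every host label goes slightly beyond the domains listed.

```python
import re
from urllib.parse import urlparse

LEGIT_DOMAIN = "google-analytics.com"  # domain of the authentic service
LEGIT_LABEL = "google-analytics"
SRC_RE = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.I)

def prefix_distance(target: str, label: str) -> int:
    """Smallest edit distance between target and any prefix of label."""
    prev = list(range(len(label) + 1))
    for i, ct in enumerate(target, 1):
        cur = [i]
        for j, cl in enumerate(label, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ct != cl)))
        prev = cur
    return min(prev)  # prefix match tolerates suffixes such as "-js" or "api"

def classify_host(host: str, max_edits: int = 2) -> str:
    """Return 'legit', 'lookalike' or 'other' for a (possibly defanged) host."""
    host = host.lower().replace("[.]", ".").strip(".")
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "legit"
    # Every label but the TLD is compared, so a changed TLD or a lookalike
    # used as a subdomain of another site is flagged as well.
    for label in host.split(".")[:-1]:
        if prefix_distance(LEGIT_LABEL, label) <= max_edits:
            return "lookalike"
    return "other"

def audit_page(html: str) -> dict:
    """Map each external script host found in html to its classification."""
    found = {}
    for src in SRC_RE.findall(html):
        host = urlparse(src.replace("[.]", ".")).hostname
        if host:  # relative paths have no host and are skipped
            found[host] = classify_host(host)
    return found

# Constructed sample page; the lookalike host is kept defanged as in the report.
SAMPLE_HTML = """
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="//google-anatytics[.]com/ga.js"></script>
<script src="/static/checkout.js"></script>
<script src="https://cdn.shop.example/app.js"></script>
"""

if __name__ == "__main__":
    for host, verdict in audit_page(SAMPLE_HTML).items():
        print(f"{verdict:10} {host}")
```

A hostname check like this cannot flag the cases the report mentions in which the authentic service itself is used.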
Google Services Hit by Cyber Attacks
Google-related fraudulent activities have increased in number over the past months. As of May, Google’s Chrome Web Store was reportedly hit with the most massive surveillance campaign so far, which managed to steal data from users around the world through over 32 million downloads of malicious extensions.
Once downloaded, those extensions can collect passwords and credential tokens stored in cookies or parameters, take screenshots, and read the clipboard.
Also last month, cybersecurity researchers detected a modified version of ComRAT malware, which now targets Gmail users to steal confidential documents. In addition to misappropriation of documents, the trojan collects information about the network, Microsoft Windows configurations, and the Active Directory groups or users.