Fake Google domain used in attacks to deploy skimmer on Magento sites
July 26, 2019
- The infected Magento site loads JavaScript code from a malicious internationalized domain.
- The malicious code changes automatically if DevTools is toggled on in Google Chrome or Mozilla Firefox.
Security researchers from Sucuri came across a compromised Magento-based site that was infected by means of a fake Google domain. The infected website contained credit card skimming JavaScript code loaded from a malicious internationalized domain. The malicious domain is disguised as Google Analytics and is believed to be used in phishing attacks.
The owner reported the website to Sucuri researchers after it was blacklisted and marked as a “Dangerous Site” by McAfee SiteAdvisor.
How does it work?
- The JavaScript skimmer code loaded from the malicious domain changes automatically if DevTools is enabled in Google Chrome or Mozilla Firefox.
- The code does not send any user input to the C2 server if DevTools is toggled on. If DevTools is off, the input data is sent to the fake Google domain. According to Sucuri researchers, the site visitors are presented with another fake Google domain.
- Furthermore, the card skimmer on the affected sites is believed to work on a dozen payment gateways.
- The malicious site hosting the skimmer code also hosts other malicious code that affects the Magento admin interface.
Worth noting
Sucuri researchers believe that Magento-powered sites are the most attractive targets for credit card stealing attacks.
“During our analysis of hacked websites in 2018, we found that 83% of Magento websites were vulnerable at the point of infection. In an effort to obtain sensitive customer data and credit card information from ecommerce websites, attackers continue to leverage vulnerable Magento installations,” said the researchers.
In this case, there are no other known attack instances that used the same fake internationalized Google domain.
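The following check is an added example, not code from Sucuri or from the original article: it audits a page's script tags for internationalized hosts that imitate a trusted analytics host, which is how the skimmer described above was disguised. The trusted hosts, the lookalike hosts and the sample HTML are constructed for illustration.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts this (hypothetical) shop intentionally loads scripts from.
TRUSTED_HOSTS = {"www.example-analytics.com", "shop.example.com"}

class ScriptSources(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []  # src attribute of every <script> tag seen
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def to_unicode(host):
    """Decode xn-- (punycode) labels so both spellings of a host compare equal."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not decodable

def skeleton(host):
    """Strip accents (i-acute -> i). Cross-script homoglyphs are NOT folded."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def audit_scripts(html):
    """Return (host, verdict) for each script loaded from an internationalized host."""
    parser = ScriptSources()
    parser.feed(html)
    findings = []
    for src in parser.sources:
        host = to_unicode(urlsplit(src).hostname or "")
        if host in TRUSTED_HOSTS or host.isascii():
            continue
        # "lookalike": differs from a trusted host only by accents; "idn": review by hand
        verdict = "lookalike" if skeleton(host) in TRUSTED_HOSTS else "idn"
        findings.append((host, verdict))
    return findings

# Constructed sample: trusted host, accented lookalike (punycode), Cyrillic lookalike.
PUNY = "www.example-analyt\u00edcs.com".encode("idna").decode("ascii")
SAMPLE_HTML = f"""
<script src="https://www.example-analytics.com/a.js"></script>
<script src="//{PUNY}/a.js"></script>
<script src="https://www.ex\u0430mple-analytics.com/a.js"></script>
"""
print(ascii(audit_scripts(SAMPLE_HTML)))
```

Because this inspects the script hosts in the served HTML rather than the running script, the result does not depend on whether DevTools is open.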
