Monday, April 28, 2025
HomeCyber AttackHackers Use Fake Google Analytics Scripts To Steal Credit Card Details from...

Hackers Use Fake Google Analytics Scripts To Steal Credit Card Details from Magneto-based Websites

Published on

SIEM as a Service

Follow Us on Google News

Hackers inject malicious skimmer scripts that steal the credit card information from the checkout pages of Magento based online shopping sites.

Security researchers from Sucuri noticed credit card-stealing scripts uses a fake Google Analytics and Angular scripts to make them appear less suspicious and to evade detection form website administrators.

“The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js, js/meigee/jquery.min.js, and js/varien/js.js.”

- Advertisement - Google News

The obfuscated script loads another obfuscated script from the fake Google analytics URL www.google-analytics[.]cm/analytics.js and googlc-analytics[.]cm/analytics.js. The obfuscated script also masked itself as a Google Analytics script.

skimmer scripts

Some sites infected with the Fake Angular Script that contains keywords such as Angular.io, algularToken, angularCdn, and angularPages. Here the attackers use the fake tag manager URL’s hxxps://www.gooqletagmanager[.]com/gtm.js and hxxps://googletagmanager[.]eu/gtm.js.

According to PublicWWW, at the time of writing 39 sites containing these fake Angular scripts and all these scripts loads credit card stealers from different URLs.

“These hacked sites are not limited to Magento. URL structure analysis tells us that these sites are powered by different CMSs, mainly by WordPress, Joomla, and Bitrix,” reads Sucuri blog post.

The skimming scripts grab the credit card information entered by customers in checkout pages and pass the data in realtime and pass the information to C2 servers. The skimmer scripts generally look for fields such as credit card number, validity and billing address.

Website administrators are strongly recommended to scrutinize every change or addition of new code to their website.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

MagentoCore Malware That Steals Payment Card Details While You Shop Online

Hackers Compromised More than 1,000 Magento Stores to Steal Credit Card Details and to Mine Cryptocurrency

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email

The NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat...

FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023

The FBI’s Internet Crime Complaint Center (IC3) has reported a record-breaking loss of $16.6...

Fog Ransomware Reveals Active Directory Exploitation Tools and Scripts

Cybersecurity researchers from The DFIR Report’s Threat Intel Group uncovered an open directory hosted...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email

The NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat...

FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023

The FBI’s Internet Crime Complaint Center (IC3) has reported a record-breaking loss of $16.6...