Categories: Cyber AttackCyber Security NewsInternetWeb Applications

Hackers Use Fake Google Analytics Scripts To Steal Credit Card Details from Magneto-based Websites

Hackers inject malicious skimmer scripts that steal the credit card information from the checkout pages of Magento based online shopping sites.

Security researchers from Sucuri noticed credit card-stealing scripts uses a fake Google Analytics and Angular scripts to make them appear less suspicious and to evade detection form website administrators.

“The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js, js/meigee/jquery.min.js, and js/varien/js.js.”

The obfuscated script loads another obfuscated script from the fake Google analytics URL www.google-analytics[.]cm/analytics.js and googlc-analytics[.]cm/analytics.js. The obfuscated script also masked itself as a Google Analytics script.

Some sites infected with the Fake Angular Script that contains keywords such as Angular.io, algularToken, angularCdn, and angularPages. Here the attackers use the fake tag manager URL’s hxxps://www.gooqletagmanager[.]com/gtm.js and hxxps://googletagmanager[.]eu/gtm.js.

According to PublicWWW, at the time of writing 39 sites containing these fake Angular scripts and all these scripts loads credit card stealers from different URLs.

“These hacked sites are not limited to Magento. URL structure analysis tells us that these sites are powered by different CMSs, mainly by WordPress, Joomla, and Bitrix,” reads Sucuri blog post.

The skimming scripts grab the credit card information entered by customers in checkout pages and pass the data in realtime and pass the information to C2 servers. The skimmer scripts generally look for fields such as credit card number, validity and billing address.

Website administrators are strongly recommended to scrutinize every change or addition of new code to their website.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

MagentoCore Malware That Steals Payment Card Details While You Shop Online

Hackers Compromised More than 1,000 Magento Stores to Steal Credit Card Details and to Mine Cryptocurrency

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: Cyber Security NewsInternetMalwareskimmer scripts
6 years ago

Recent Posts

CISA Warns of Palo Alto Networks PAN-OS Vulnerability Exploited in Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert on a…

12 hours ago

US Treasury Department Breach, Hackers Accessed Workstations

The Biden administration confirmed that a Chinese state-sponsored hacking group breached the U.S. Treasury Department,…

14 hours ago

TrueNAS CORE Vulnerability Let Attackers Execute Remote Code

Security researchers Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 disclosed a…

18 hours ago

New Botnet Exploiting D-Link Routers To Gain Control Remotely

Researchers observed a recent surge in activity from the "FICORA" and "CAPSAICIN," both variants of…

1 day ago

Hackers Weaponize Websites With LNK File To Deliver Weaponized LZH File

The watering hole attack leverages a compromised website to deliver malware. When a user visits…

1 day ago

NFS Protocol Security Bypassed To Access Files From Remote Server

The NFS protocol offers authentication methods like AUTH_SYS, which relies on untrusted user IDs, and…

1 day ago