Attackers have found a new way to steal online shoppers’ payment details: web skimming using Google Analytics

23 iunie 2020

Kaspersky researchers have uncovered a new technique for stealing users’ payment information on online shopping websites—a type of attack known as web skimming.

By registering for Google Analytics accounts and injecting these accounts’ tracking code into the websites’ source code, attackers can collect users’ credit card details. „About two dozen online stores worldwide were compromised using this method.”, according to the press release.

Web skimming is a popular practice used by attackers to steal users’ credit card details from the payment pages of online stores, whereby attackers inject pieces of code into the source code of the website. This malicious code then collects the data inputted by visitors to the site (i.e. payment account logins or credit card numbers) and sends the harvested data to the address specified by attackers in the malicious code.

Often, to conceal the fact that the webpage has been compromised, attackers register domains with names that resemble popular web analytics services, such as Google Analytics. That way, when they inject the malicious code, it’s harder for the site administrator to know that the site has been compromised. For example, a site named “googlc-analytics[.]com” is easy to mistake as a legitimate domain.

Recently, however, Kaspersky researchers have discovered a previously unknown technique for conducting web skimming attacks. Rather than redirecting the data to third-party sources, they redirected it to official Google Analytics accounts. Once the attackers registered their accounts on Google Analytics, all they had to do was configure the accounts’ tracking parameters to receive a tracking ID. They then injected the malicious code along with the tracking ID into the webpage’s source code, allowing them to collect data about visitors and have it sent directly to their Google Analytics accounts.

Because the data isn’t being directed to an unknown third-party resource, it’s difficult for administrators to realize the site has been compromised. For those examining the source code, it just appears as if the page is connected with an official Google Analytics account—a common practice for online stores.

To make the malicious activity even harder to spot, the attackers also employed a common anti-debugging technique: if a site administrator reviews the webpage source code using Developer mode, then the malicious code is not executed.

About two dozen websites were found to be compromised in this way, which included stores in Europe and North and South America.

This is a technique we have not seen before, and one that is particularly effective. Google Analytics is one of the most popular web analytics services out there. The vast majority of developers and users trust it, meaning it’s frequently given permission to collect user data by site administrators. That makes malicious injects containing Google Analytics accounts inconspicuous—and easy to overlook. As a rule, administrators should not assume that, just because the third-party resource is legitimate, its presence in the code is ok,” comments Victoria Vlasova, Senior Malware Analyst at Kaspersky.

Kaspersky has informed Google of the problem, and they confirmed they have ongoing investments in spam detections.

Adauga comentariu

Noutăți
Cifra/Declaratia zilei

Gabriela Nistor – director general adjunct BT

Tendinţele pe care le-am remarcat înainte de începerea pandemiei s-au accelerat pe perioada stării de urgenţă. Am văzut acest lucru ca o oportunitate, un tipping point pentru bancă. Post-pandemie nu avem cum sa ne întoarcem la comportamentul financiar pe care îl aveam până în februarie a.c. Relaţia românilor cu online-ul s-a schimbat. In plus, cardul fizic se va dematerializa. Vom asista la o scădere a cererii pentru cardurile fizice, respectiv la o creştere a preferinţei pentru componenta digitală a acestora.”

Sondaj

In 23 septembrie 2019, BNR a anuntat infiintarea unui Fintech Innovation Hub pentru a sustine inovatia in domeniul serviciilor financiare si de plata. In acest sens, care credeti ca ar trebui sa fie urmatorul pas al bancii centrale in 2020?