fbpx
News
MasterCard Purchases Ethoca
News
Marriott CEO Testifies to Congress About 2018 Data Breach
News
Medical data breach may have exposed info about 600,000 Michigan patients
News
German Ecommerce Worth 58.8 Billion Euros in 2019
News
NJ Data Breaches Lead to Increased Focus on Cybersecurity
News
Worldnet Payments Enters Agreement with POSDATA
News
Marqeta Raises $250 Million Series E Funding
News
Doxo Offers Apple Pay Solutions
News
UK Banks Prevented More than £1.12b in Card Fraud in 2018
News
Verifi Launches Self-Service Chargeback Representment
News
One of the Biggest Data Breaches Ever Compromises Personal Info From Nearly 1 Billion Email Addresses
News
540 Million Facebook Accounts Exposed on Vulnerable AWS Servers
News
Facebook Changes Terms to Comply with European Commission Demands
News
Nethone Raises Over $1 Million to Develop Artificial Intelligence to Fight Chargebacks
News
Chargeback Gurus Enters the Finals of Dallas Business Journal Entrepreneur Contest
News
Terbium Labs Reveals the Dark Web’s “How To” Guide to Committing Ecommerce Fraud
News
Thales Finishes Acquisition of Digital Identity and Security Company Gemalto
News
Ecommerce Fraud Events: Airline & Travel Payments Summit 2019
News
McDonald’s App Hacked In $2,000 ATO Fraud Attack
News
IntSights Releases New Report On the Biggest Fraud Prevention Challenges Facing Banking & Financial Services
News
Online Advertising Fraud Down Nearly $1 Billion Dollars, According to New Association of National Advertisers Report
News
Synthetic Identity Fraud: TransUnion Announces New Rapid Default Model
News
PrismWeb Fraud Attack: Hackers Steal Student Payment Data from 197 American & Canadian Universities
News
Checkout.com Raises $230m Series A Round of Funding
News
Barracuda Networks Releases New ATO Report
News
2019 AFP Payments Fraud and Control Survey Released
News
Sextortion Email Scam Nets Fraudsters $1 million in Bitcoin
News
IBM X-Force Threat Intelligence Index 2019 Released
News
Avanan Releases Global Phish Report 2019
News
EdgeWave releases new Report: “How to Fight the Phishing Epidemic and Win”
News
RSA Q1 2019 Fraud Report Released
News
BalBix Releases New Report: How to Use AI to Tackle Cyber-Security Challenges
News
PayPal Commerce Platform Launches
News
ECBSV SSN Verification Pilot Program Begins
News
Zelle Scam Cleans Out the Bank Accounts of Unsuspecting Victims
News
Google Pay PayPal Connection Expanded
News
Data Breach Exposes Secrets of Ford, TD Bank
News
Visa Acquires Verifi
News
Orvibo IoT Devices Suffer Massive Data Breach
News
ICO Fines British Airways £183.39m for Data Breach
News
PayPal Xoom Europe Launches
News
Mnuchin: Facebook Libra “Threat”
News
FinCEN Business Email Compromise Report Released
News
Malwarebytes Labs Cybercrime Tactics and Techniques Q1 2019 Report Released
News
Fake Google Domains Target Magento Users
News
Capital One Data Breach Hits 100 Million US Customers
News
Pearson Data Breach Compromises 100,000+ Students
News
Capital One Data Breach Class Action Lawsuit Initiated
News
NormShield Releases State of Financial Phishing Q1 2019
Sunday, August 18, 2019
News
MasterCard Purchases Ethoca
News
Marriott CEO Testifies to Congress About 2018 Data Breach
News
Medical data breach may have exposed info about 600,000 Michigan patients
News
German Ecommerce Worth 58.8 Billion Euros in 2019
News
NJ Data Breaches Lead to Increased Focus on Cybersecurity
News
Worldnet Payments Enters Agreement with POSDATA
News
Marqeta Raises $250 Million Series E Funding
News
Doxo Offers Apple Pay Solutions
News
UK Banks Prevented More than £1.12b in Card Fraud in 2018
News
Verifi Launches Self-Service Chargeback Representment
News
One of the Biggest Data Breaches Ever Compromises Personal Info From Nearly 1 Billion Email Addresses
News
540 Million Facebook Accounts Exposed on Vulnerable AWS Servers
News
Facebook Changes Terms to Comply with European Commission Demands
News
Nethone Raises Over $1 Million to Develop Artificial Intelligence to Fight Chargebacks
News
Chargeback Gurus Enters the Finals of Dallas Business Journal Entrepreneur Contest
News
Terbium Labs Reveals the Dark Web’s “How To” Guide to Committing Ecommerce Fraud
News
Thales Finishes Acquisition of Digital Identity and Security Company Gemalto
News
Ecommerce Fraud Events: Airline & Travel Payments Summit 2019
News
McDonald’s App Hacked In $2,000 ATO Fraud Attack
News
IntSights Releases New Report On the Biggest Fraud Prevention Challenges Facing Banking & Financial Services
News
Online Advertising Fraud Down Nearly $1 Billion Dollars, According to New Association of National Advertisers Report
News
Synthetic Identity Fraud: TransUnion Announces New Rapid Default Model
News
PrismWeb Fraud Attack: Hackers Steal Student Payment Data from 197 American & Canadian Universities
News
Checkout.com Raises $230m Series A Round of Funding
News
Barracuda Networks Releases New ATO Report
News
2019 AFP Payments Fraud and Control Survey Released
News
Sextortion Email Scam Nets Fraudsters $1 million in Bitcoin
News
IBM X-Force Threat Intelligence Index 2019 Released
News
Avanan Releases Global Phish Report 2019
News
EdgeWave releases new Report: “How to Fight the Phishing Epidemic and Win”
News
RSA Q1 2019 Fraud Report Released
News
BalBix Releases New Report: How to Use AI to Tackle Cyber-Security Challenges
News
PayPal Commerce Platform Launches
News
ECBSV SSN Verification Pilot Program Begins
News
Zelle Scam Cleans Out the Bank Accounts of Unsuspecting Victims
News
Google Pay PayPal Connection Expanded
News
Data Breach Exposes Secrets of Ford, TD Bank
News
Visa Acquires Verifi
News
Orvibo IoT Devices Suffer Massive Data Breach
News
ICO Fines British Airways £183.39m for Data Breach
News
PayPal Xoom Europe Launches
News
Mnuchin: Facebook Libra “Threat”
News
FinCEN Business Email Compromise Report Released
News
Malwarebytes Labs Cybercrime Tactics and Techniques Q1 2019 Report Released
News
Fake Google Domains Target Magento Users
News
Capital One Data Breach Hits 100 Million US Customers
News
Pearson Data Breach Compromises 100,000+ Students
News
Capital One Data Breach Class Action Lawsuit Initiated
News
NormShield Releases State of Financial Phishing Q1 2019

Fake Google Domains Target Magento Users

July 26, 2019
|
No Comments
|
News

Fraudsters are using fake Google domains to target Magento customers, the Sucuri Blog reports. In a post to their website, they describe Magento users contacting them about McAfee Site Advisor sending them warnings. Unfortunately, it appears a credit card skimmer using JavaScript loaded from the malicious google-analytîcs[.]com web address is responsible.

The domain is a well known ruse by hackers who prey on its use of the well known Google Analytics domain and brand name to trick unsuspecting users. This tactic is well known, but effective.

“The input data capture is similar to other Magento credit card stealers we have posted about before,” the post said. “It uses the loaded JavaScript to capture any input data using the document.getElementsByTagName and input or stored element names for capturing drop down menu data.”

A Comprehensive Attack

Interestingly, the attack code will change its behavior based on if a user has DevTools open, and what kind.

For both Chrome and Firefox, the presence of open tools stops the attack. This is a highly sophisticated tactic that helps the attack go undetected by and remain under the radar. Moreover, the attack can use all of the most popular payment gateways. This includes solutions with integrated eCommerce fraud prevention tools like PayPal This allows it to cast a wide net and gives each successful infection the best chance of success.

In addition to the skimming, the malware executes a second attack. This attack sends users to a second fake domain google[.]ssl[.]lnfo[.]cc:‘. This code collects information from Magento’s user admin configuration, which hackers can use to conduct subsequent attacks.

Source: https://blog.sucuri.net/2019/07/fake-google-domains-used-in-evasive-magento-skimmer.html

Tags: ,

Related Article

No Related Article

Join our Community

join the community

Our Sponsors

Stay in Touch

LINKEDIN

YOUTUBE