Hackers Using Google Analytics To Bypass Security and Steal Credit Card Information

On Monday, security researchers reported that hackers are now abusing Google Analytics to steal users' credit card details from infected e-commerce websites.

According to researchers from PerimeterX, Kaspersky, and Sansec, hackers inject malicious data-stealing code into compromised websites in combination with tracking code generated by their own Google Analytics account, letting them abuse payment systems even on sites with maximum web security settings.

Researchers have found dozens of websites compromised by threat actors across Europe and North and South America, selling digital equipment, food products, spare parts, and cosmetics.

Abusing Content Security Policy

The attackers compromise e-commerce websites that use Google Analytics to track visitors and have whitelisted the associated domains in their Content Security Policy.

Content Security Policy is an extra layer of security that helps to detect and mitigate attacks such as cross-site scripting and data injection attacks.

Attackers injected malicious code into sites, which collected all the data entered by users and then sent it via Analytics. As a result, an attacker can see the stolen data in their Google Analytics account.

Kaspersky said in a report

The attackers use a small piece of JavaScript code that transmits the collected data, such as credentials and payment information, through an event and other parameters that Google Analytics uses.

Administrators write * into the Content-Security-Policy header (used for listing resources from which third-party code can be downloaded), allowing the service to collect data. What’s more, the attack can be implemented without downloading code from external sources.

Kaspersky noted

To make the attack more effective, the attackers also check whether developer mode, which is used to spot security errors and network requests, is on. Only if it is disabled do the attackers continue the attack.
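
A defender-side check for the blind spot described above, as an added example that is not part of the original article or the researchers' reports: because the policy allows the Google Analytics host regardless of which account receives the data, it compares the `tid` (tracking ID) query parameter of observed Analytics hits against the store's own property ID. The function names, IDs and URLs are constructed for illustration, and hits without a `tid` in the URL are only flagged for manual review.

```javascript
// Added example: flag Google Analytics hits that report to a property the
// store does not own. All IDs and URLs below are constructed sample values.
const OWN_TRACKING_IDS = new Set(["UA-11111111-1"]); // assumption: the store's own ID

// True for google-analytics.com and any subdomain of it.
function isAnalyticsHost(hostname) {
  return hostname === "google-analytics.com" ||
         hostname.endsWith(".google-analytics.com");
}

// urls: request URLs taken from a proxy log, HAR export or browser test run.
function auditAnalyticsRequests(urls, ownIds = OWN_TRACKING_IDS) {
  const findings = [];
  for (const raw of urls) {
    let u;
    try { u = new URL(raw); } catch { continue; }   // skip unparsable entries
    if (!isAnalyticsHost(u.hostname)) continue;      // not an Analytics request
    if (!u.pathname.endsWith("/collect")) continue;  // library loads carry no hit data
    const tid = u.searchParams.get("tid");
    if (tid === null) {
      // POST hits carry their parameters in the body, which a URL log lacks.
      findings.push({ url: raw, tid: null, reason: "no tid in URL, inspect request body" });
    } else if (!ownIds.has(tid)) {
      findings.push({ url: raw, tid, hitType: u.searchParams.get("t"),
                      reason: "hit sent to a tracking ID the store does not own" });
    }
  }
  return findings;
}

const SAMPLE_URLS = [ // constructed
  "https://www.google-analytics.com/analytics.js",
  "https://www.google-analytics.com/collect?v=1&tid=UA-11111111-1&cid=42&t=pageview",
  "https://www.google-analytics.com/collect?v=1&tid=UA-99999999-9&cid=42&t=event&ec=form&ea=input",
  "https://www.google-analytics.com/collect",
  "https://cdn.example.com/collect?tid=UA-99999999-9",
];

for (const f of auditAnalyticsRequests(SAMPLE_URLS)) {
  console.log(`${f.reason}: ${f.url}`);
}
```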

Campaign Running Since March

Netherlands-based Sansec researchers have also uncovered a similar type of attack, running since March 17, that delivers malicious JavaScript code on various stores hosted on Firebase.

For obfuscation, the attacker also created a temporary iFrame to load the attacker's Analytics. The credit card details entered by users are then encrypted and sent to the attacker's Analytics account, where the attacker decrypts them using the encryption key.

Satender Kumar

The Tech Infinite