Cybersecurity researchers have found a new technique that hackers use to steal payment information on shopping websites.
According to a report by cybersecurity firm Kaspersky, attackers are using a new technique called web skimming to steal a user’s payment information from online shopping websites.
“Web skimming is a popular practice used by attackers to steal users’ credit card details from the payment pages of online stores, whereby attackers inject pieces of code into the source code of the website,” Kaspersky explained.
In this technique, the attackers register for Google Analytics accounts and inject the accounts’ tracking codes into targeted websites’ source code. This malicious code helps them gain information, such as payment account logins or credit card numbers, from the websites.
Over twenty websites in Europe and North and South America have been compromised by hackers using this method, according to the report.
Attackers often register domains that resemble the names of popular web analytics services, which makes it difficult for a web admin to identify that their website has been compromised.
“For example, a site named “googlc-analytics[.]com” is easy to mistake as a legitimate domain,” the report said.
“Rather than redirecting the data to third-party sources, they redirected it to official Google Analytics accounts. Once the attackers registered their accounts on Google Analytics, all they had to do was configure the accounts’ tracking parameters to receive a tracking ID. They then injected the malicious code along with the tracking ID into the webpage’s source code, allowing them to collect data about visitors and have it sent directly to their Google Analytics accounts,” Kaspersky further explained.
Attackers also use a common anti-debugging technique to make it even more difficult for people to spot the code on the website. The code injected by hackers will not be executed if the site administrator reviews the webpage source code using Developer mode, as per the report.
Victoria Vlasova, Senior Malware Analyst at Kaspersky said: “This is a technique we have not seen before, and one that is particularly effective. Google Analytics is one of the most popular web analytics services out there. The vast majority of developers and users trust it, meaning it’s frequently given permission to collect user data by site administrators. That makes malicious injects containing Google Analytics accounts inconspicuous—and easy to overlook. As a rule, administrators should not assume that, just because the third-party resource is legitimate, its presence in the code is ok.”
Kaspersky has informed Google of the issue. The tech giant has confirmed that it has ongoing investments in spam detection, Kaspersky said.
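For administrators who want to act on that advice, the following is an added example (not code from Kaspersky or from the report) of a source audit that flags any Google Analytics tracking ID the site does not own and any script host that closely resembles a trusted analytics domain. The allowlisted ID, the trusted-domain set, the second tracking ID and the sample page are constructed assumptions; the lookalike domain is the one quoted above. Because the injects described here send data to the genuine Google Analytics service, it is the tracking-ID check, not the host check, that catches them.

```python
import re

# Assumed values for this example: the shop's own tracking ID and the
# analytics domains it deliberately loads scripts from.
OWN_TRACKING_IDS = {"UA-11111111-1"}  # constructed
TRUSTED_DOMAINS = {"google-analytics.com", "googletagmanager.com"}

TRACKING_ID_RE = re.compile(r"\b(UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{6,12})\b")
HOST_RE = re.compile(r"(?:https?:)?//([a-z0-9.-]+\.[a-z]{2,})", re.I)

# Constructed sample page: the site's own snippet plus two injected lines.
SAMPLE_PAGE = """
<script async src="https://www.google-analytics.com/analytics.js"></script>
<script>ga('create', 'UA-11111111-1', 'auto');</script>
<script src="https://googlc-analytics.com/ga.js"></script>
<script>ga('create', 'UA-22222222-7', 'auto');</script>
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def audit(page_source):
    """Return (finding_type, value) pairs for the served page source."""
    findings = []
    for tid in sorted(set(TRACKING_ID_RE.findall(page_source))):
        if tid not in OWN_TRACKING_IDS:
            findings.append(("unknown-tracking-id", tid))
    for host in sorted({h.lower() for h in HOST_RE.findall(page_source)}):
        if is_trusted(host):
            continue
        base = host[4:] if host.startswith("www.") else host
        # One or two character edits away from a trusted name is suspicious.
        if min(edit_distance(base, d) for d in TRUSTED_DOMAINS) <= 2:
            findings.append(("lookalike-host", host))
    return findings

if __name__ == "__main__":
    for kind, value in audit(SAMPLE_PAGE):
        print(kind, value)
```

A static scan like this only sees identifiers that appear in plain text in the served source, so it complements rather than replaces reviewing what the page actually sends at checkout.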