CYBER NEWS

Fake Google Domains Used in Credit Card Skimming Campaign

Security researchers have come across a malicious campaign that uses quite convincing fake Google domains to trick website visitors into trusting the pages when carrying out online transactions.

More specifically, the campaign was reported by Sucuri researchers who were contacted by a Magento website owner. The website owner “had been blacklisted and was experiencing McAfee SiteAdvisor ‘Dangerous Site’ warnings”.

Sucuri’s investigation “revealed that the site had been infected with a credit card skimmer loading JavaScript from the malicious internationalized domain google-analytîcs[.]com (or xn--google-analytcs-xpb[.]com in ASCII)”.




How did the infection of the domain take place?

Hackers “purposely selected the domain name with the intention of deceiving unsuspecting victims”. The trick is that online users see a reputable name such as Google and assume they are safe to proceed, when in fact they are about to load a malicious domain.

This tricky method is also common in phishing attacks, where it is deployed to trick victims into thinking a phishing page is actually legitimate, the researchers explain.
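A site owner can audit page source for this kind of lookalike by decoding punycode script hosts and comparing them, with diacritics stripped, against the hosts the site is supposed to load from. The Python sketch below is an added example, not code from Sucuri's report; the TRUSTED list, the sample HTML and the script path are assumptions made for illustration.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains this site legitimately loads scripts from.
TRUSTED = {"google-analytics.com", "googletagmanager.com"}

def to_unicode(host):
    """Decode xn-- (punycode) labels to Unicode; malformed labels stay raw."""
    out = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass
        out.append(label)
    return ".".join(out)

def skeleton(host):
    """Strip diacritics so that 'î' compares equal to 'i'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

class ScriptHosts(HTMLParser):
    """Collect the host of every <script src=...> on the page."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("src") or "").hostname
        if tag == "script" and host:
            self.hosts.append(host)

def lookalike_script_hosts(html):
    """Return (host, imitated domain) for script hosts that only resemble a trusted one."""
    parser = ScriptHosts()
    parser.feed(html)
    findings = []
    for host in parser.hosts:
        # Simplification: registrable domain = last two labels (no Public Suffix List).
        domain = ".".join(to_unicode(host).split(".")[-2:])
        if domain not in TRUSTED and skeleton(domain) in TRUSTED:
            findings.append((host, skeleton(domain)))
    return findings

# Constructed sample page; the second host is the IDN from the report, refanged.
BAD = "xn--google-analytcs-xpb[.]com".replace("[.]", ".")
SAMPLE = ('<script src="https://www.google-analytics.com/analytics.js"></script>'
          f'<script src="https://{BAD}/x.js"></script>')
```

Stripping diacritics catches only accent-based lookalikes such as the one in this campaign; substitutions from other scripts need a full confusables table.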


The investigation also reveals that the input data capture is similar to other Magento credit card skimmers. In short, the mechanism uses the loaded JavaScript to capture any input data via the document.getElementsByTagName and input, or via stored element names for capturing drop-down menu data.

One of the interesting parts of this campaign is that the code is designed to change tactics depending on the use of developer tools in Chrome or Firefox browsers. If developer tools are in place, the skimmer will not attempt to grab any information.

The skimmer supports many payment gateways, and when no developer tools are detected, the stolen information is sent to a remote server, disguised as another Google domain – Google[.]ssl[.]lnfo[.]cc.

To protect your ecommerce website, the expert advice for Magento site owners is to install the latest security patches as soon as they become available. If you are unable to update your site, you can leverage a web application firewall to virtually patch any vulnerabilities, Sucuri adds.

Milena Dimitrova
