Google web tool used to steal credit cards online -- how to protect yourself

(Image credit: Tom'south Guide)

Cybercriminals take developed a new skimming technique to pilfer people's payment-carte du jour information as they shop online, according to a leading antivirus firm.

Moscow-based cybersecurity giant Kaspersky reports in a blog posting today (June 22) that online crooks are gathering credit-card data by creating Google Analytics accounts, copying the tracking code of their accounts and so inserting that lawmaking into the webpage code of breached online stores.

Best antivirus: protect yourself from scams with online security
VPN: add together a layer of extra protection cheers to a virtual private network
Just In: Democratic people's republic of korea reportedly plans massive cyberattack

Kaspersky warns that "well-nigh two dozen online stores worldwide were compromised using this method", most of which were in the U.Due south, Europe and Southward America.

Web-skimming attacks aren't exactly new. Crooks often use this method to gain access to the credit-card details of unsuspecting victims, and it's get more prevalent with the rapid growth of online shopping in recent years.

These attacks are mounted when perpetrators change the source lawmaking of websites, allowing them to collect all the information that a user submits on a site. (In nearly instances, the website owners and administrators are unaware their sites have been changed.) This data, including payment information, is then forwarded to the culprit.

The crooks have as well used domains that masquerade as legitimate services like Google Analytics to make it more hard for site administrators to observe that their websites are compromised.

Kaspersky said this normally involves deliberate misspellings of the Google Analytics domain (google-analytics.com) such as google-anatytics, google-analytcsapi, google-analytc, google-anaiytlcs and so on.

Using legitimate Google Analytics accounts

But the technique discovered by Kaspersky is new. Instead of faking the Google Analytics domain name, the crooks make certain the stolen information is sent to a legitimate Google Analytics account that has been created by the attacker.

"Once the attackers registered their accounts on Google Analytics, all they had to exercise was configure the accounts' tracking parameters to receive a tracking ID," said Kaspersky.

"They then injected the malicious code along with the tracking ID into the webpage'due south source lawmaking, allowing them to collect data about visitors and take it sent straight to their Google Analytics accounts."

Tough times for admins

Equally a result, it'southward not like shooting fish in a barrel for website admins to place and answer to website compromises.

Kaspersky explained: "For those examining the source code, it just appears equally if the folio is connected with an official Google Analytics business relationship — a common practice for online stores."

An anti-debugging method used by the attackers likewise makes the job of admins and security professionals increasingly difficult, because it presumes that someone is looking for the malicious lawmaking and and so effectively hides.

Kaspersky said that "if a site administrator reviews the webpage source code using Programmer mode, then the malicious code is not executed."

Victoria Vlasova, senior malware annotator at Kaspersky, said: "This is a technique nosotros have not seen before, and one that is specially constructive. Google Analytics is one of the most popular spider web analytics services out in that location.

"The vast majority of developers and users trust it, meaning it's frequently given permission to collect user information past site administrators. That makes malicious injects containing Google Analytics accounts inconspicuous — and easy to overlook. As a dominion, administrators should not assume that, just because the 3rd-party resource is legitimate, its presence in the code is ok."

Kaspersky recommends that users install a security solution that "can discover and block malicious scripts from being run," which the all-time antivirus software ought to be able to practise.

Read more: Bank check out our Antivirus Software Ownership Guide

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Figurer Weekly, and many others. He too happens to exist a diehard Mariah Carey fan!

Source: https://www.tomsguide.com/news/credit-card-theft-google-analytics

Posted by: etchisonhadvaid.blogspot.com

Google web tool used to steal credit cards online -- how to protect yourself