{"id":9100,"date":"2020-06-23T17:45:14","date_gmt":"2020-06-23T14:45:14","guid":{"rendered":"https:\/\/forklog.media\/?p=9100"},"modified":"2020-06-24T01:28:23","modified_gmt":"2020-06-23T22:28:23","slug":"hackers-use-popular-web-analytics-tool-to-steal-online-shoppers-payment-information","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hackers-use-popular-web-analytics-tool-to-steal-online-shoppers-payment-information\/","title":{"rendered":"Hackers Use Popular Web Analytics Tool to Steal Online Shoppers\u2019 Payment Information"},"content":{"rendered":"<p>Threat actors are now targeting the Google Analytics service to harvest data entered by users. As the victims are generally Europe- and Americas-based online stores selling cosmetics, food products, digital equipment, and spare parts, the stolen information includes their shoppers\u2019 credit card details.<\/p>\n<p><!--more--><\/p>\n<p>To perform an attack, evildoers inject malicious code into websites of interest to them; the code then harvests all the data entered by visitors and sends it through Google Analytics to the hackers\u2019 Analytics accounts. According to a dedicated <a href=\"https:\/\/securelist.com\/web-skimming-with-google-analytics\/97414\/\">report<\/a> by cybersecurity firm Kaspersky, there are around two dozen infected sites globally.<\/p>\n<h2><b>Collecting Everything Anyone Enters<\/b><\/h2>\n<blockquote><p><i><strong>\u201cTo make the data flow to a third-party resource less visible, fraudsters often register domains resembling the names of popular web services, and in particular, Google Analytics (google-anatytics[.]com, google-analytcsapi[.]com, google-analytc[.]com, google-anaiytlcs[.]com, google-analytics[.]top, google-analytics[.]cm, google-analytics[.]to, google-analytics-js[.]com, googlc-analytics[.]com, etc.). 
But attacks of this kind were also found to sometimes use the authentic service,\u201d<\/strong> the report further explains.<\/i><\/p><\/blockquote>\n<p>To disguise their malicious activity, cybercriminals are using an anti-debugging technique. They also leave themselves a loophole to monitor the script in Debug mode.<\/p>\n<blockquote><p><i><strong>\u201cIf the anti-debugging is passed, the script collects everything anyone inputs on the site (as well as information about the user who entered the data: IP address, UserAgent, time zone). The collected data is encrypted and sent using the Google Analytics Measurement Protocol,\u201d<\/strong> the Kaspersky report reads.<\/i><\/p><\/blockquote>\n<p>The names of the affected online stores have not been disclosed yet, though.<\/p>\n<h2><b>Google Services Hit by Cyber Attacks<\/b><\/h2>\n<p>Google-related fraudulent activities have increased in number over the past months. As of May, Google\u2019s Chrome Web Store was reportedly <a href=\"https:\/\/forklog.com\/en\/google-chrome-extension-with-32m-downloads-has-malicious-add-ons-that-steal-data-report\/\">hit with the most massive surveillance campaign<\/a> so far, which managed to steal data from users around the world through over 32 million downloads of malicious extensions.<\/p>\n<p>Once downloaded, those extensions can collect passwords and credential tokens stored in cookies or parameters, take screenshots, and read the clipboard.<\/p>\n<p>Also last month, cybersecurity researchers <a href=\"https:\/\/forklog.com\/en\/google-chrome-extension-with-32m-downloads-has-malicious-add-ons-that-steal-data-report\/\">detected a modified version of ComRAT<\/a> malware, which now targets Gmail users to steal confidential documents. 
In addition to misappropriation of documents, the trojan collects information about the network, Microsoft Windows configurations, and the Active Directory groups or users.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat actors are now targeting the Google Analytics service to harvest data entered by users. As the victims are generally Europe- and Americas-based online stores selling cosmetics, food products, digital equipment, and spare parts, the stolen information includes their shoppers\u2019 credit card details.<\/p>\n","protected":false},"author":6,"featured_media":9102,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"human_written","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,738,43],"class_list":["post-9100","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-google","tag-hackers"],"aioseo_notices":[],"amp_enabled":true,"views":"888","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=9100"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9100\/revisions"}],"predecessor-version":[{"id":9103,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9100\/revisions\/9103"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/9102"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=9100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=9100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=9100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}