As retailers and e-store apps script domains are trusted
Researchers at cyberspace company Sansec discovered a new way by hackers using Google tools to steal e-commerce shoppers’ credit card details.
While the company was analyzing the data, researcher Eric Brundle found hackers using JavaScript code to be injected into online store websites. Where these codes steal payment orders and personal information entered by users on these sites and transfer them to a server controlled by cybercriminals under the purview of “Google’s Apps Script”.
According to popular reports: A malicious script embedded by hackers on e-commerce sites accepts the payment information entered by the user and sends it to a dedicated Google Apps script application as encrypted data, then the data is encrypted Such as redirected to the server. Technology controlled by hackers.
Attackers counter their malicious activity with malware detection solutions and a Content Security Policy (CSP).
And according to the UAE Ram news website: security researcher found that cyber criminals are taking advantage of the fact that retailers and all online stores consider Google’s apps script domain to be reliable, and insisted that web developers should let CSP attackers And as a counter notification should promote security holes, all domains Google sub warning right now.
This is not the first time that hackers have taken advantage of Google’s domain and services reputation. Last year, Sansec detected a fully-fledged hacking campaign on Google’s servers, sending stolen credit card information to Google Analytics, which tracks visitor traffic and reports about it.
A new innovation for cyber criminals … “Hackers” stole credit card information with Google app
Sabak Electronic Newspaper
before this
2021-02-20
Researchers at cyberspace company Sansec discovered a new way by hackers using Google tools to steal e-commerce shoppers’ credit card details.
While the company was analyzing the data, researcher Eric Brundle found hackers using JavaScript code to be injected into online store websites. Where these codes steal payment orders and personal information entered by users on these sites and transfer them to servers controlled by cybercriminals within the scope of “Google’s Apps Script”.
According to popular reports: A malicious script embedded by hackers on e-commerce sites accepts the payment information entered by the user and sends it to a dedicated Google Apps script application as encrypted data, then the data is encrypted Such as redirected to the server. Technology controlled by hackers.
Attackers counter their malicious activity with malware detection solutions and a Content Security Policy (CSP).
And according to the UAE Ram news website: security researcher found that cyber criminals are taking advantage of the fact that retailers and all online stores consider Google’s apps script domain to be reliable, and insisted that web developers should let CSP attackers And as a counter notification should promote security holes, all domains Google sub warning right now.
This is not the first time that hackers have taken advantage of Google’s domain and services reputation. Last year, Sansec detected a fully-fledged hacking campaign on Google’s servers, sending stolen credit card information to Google Analytics, which tracks visitor traffic and reports about it.
February 20, 2021 – Rajab 8, 1442
11:55 AM
As retailers and e-store apps script domains are trusted
Researchers at cyberspace company Sansec discovered a new way by hackers using Google tools to steal e-commerce shoppers’ credit card details.
While the company was analyzing the data, researcher Eric Brundle found hackers using JavaScript code to be injected into online store websites. Where these codes steal payment orders and personal information entered by users on these sites and transfer them to a server controlled by cybercriminals under the purview of “Google’s Apps Script”.
According to popular reports: A malicious script embedded by hackers on e-commerce sites accepts the payment information entered by the user and sends it to a dedicated Google Apps script application as encrypted data, then the data is encrypted Such as redirected to the server. Technology controlled by hackers.
Attackers counter their malicious activity with malware detection solutions and a Content Security Policy (CSP).
And according to the UAE Ram news website: security researcher found that cyber criminals are taking advantage of the fact that retailers and all online stores consider Google’s apps script domain to be reliable, and insisted that web developers should let CSP attackers And as a counter notification should promote security holes, all domains Google sub warning right now.
This is not the first time that hackers have taken advantage of Google’s domain and services reputation. Last year, Sansec detected a fully-fledged hacking campaign on Google’s servers, sending stolen credit card information to Google Analytics, which tracks visitor traffic and reports about it.
window.fbAsyncInit = function() { FB.init({ appId : 636292179804270, autoLogAppEvents : true, xfbml : true, version : 'v2.10' }); FB.AppEvents.logPageView(); };
(function(d, s, id){ var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = "https://connect.facebook.net/en_US/sdk.js"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));