Fake Google Domains enable Hackers to Inject Multi-Gateway Card Skimmer


A warning has been issued to all Google users. Hackers are using fake Google domains, built with internationalized domain names (IDNs), to steal credit card data for later use. They do this by hosting and loading a Magecart credit card skimmer script that supports many payment gateways.

Online payments are popular these days. People prefer not to carry cash and instead pay with credit or debit cards.

This activity came to notice when the owner of a website had its domain blacklisted by McAfee’s SiteAdvisor service. The Sucuri security team took a close look and found that the culprit was a JavaScript-based payment card skimmer injected into the site.
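One way a site owner could check page source for external script hosts that imitate a trusted domain through IDN characters, as an added example that is not code from Sucuri or the original article. The allowlist, the small confusables map and the sample page are assumptions constructed for illustration.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist of third-party script hosts the shop really uses.
TRUSTED = {"www.google-analytics.com", "www.googletagmanager.com"}
# Small, non-exhaustive map: Cyrillic a, s, e, i, o, r, kh, u -> Latin lookalikes.
CONFUSABLE = str.maketrans("\u0430\u0441\u0435\u0456\u043e\u0440\u0445\u0443", "aceiopxy")

def to_unicode(host):
    """Decode xn-- (punycode) labels so the host is compared in its Unicode form."""
    return host.lower().encode("idna").decode("idna")

def skeleton(host):
    """Fold a Unicode host to the plain-ASCII name it visually imitates."""
    decomposed = unicodedata.normalize("NFKD", host.translate(CONFUSABLE))
    return "".join(c for c in decomposed if not unicodedata.combining(c))

class ScriptHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        # Relative src values have no hostname and are skipped.
        host = urlsplit(dict(attrs).get("src") or "").hostname
        if tag == "script" and host:
            self.hosts.append(host)

def audit_scripts(html):
    """Return (host_in_unicode, verdict) for each external script in html."""
    parser = ScriptHosts()
    parser.feed(html)
    findings = []
    for host in parser.hosts:
        shown = to_unicode(host)
        if shown in TRUSTED:
            verdict = "trusted"
        elif skeleton(shown) in TRUSTED:
            verdict = "lookalike of " + skeleton(shown)
        elif not shown.isascii():
            verdict = "idn, review"
        else:
            verdict = "unlisted"
        findings.append((shown, verdict))
    return findings

# Constructed sample: the genuine host plus an IDN host using an accented "i".
FAKE = "www.google-analyt\u00edcs.com".encode("idna").decode("ascii")
SAMPLE = ('<script src="https://www.google-analytics.com/analytics.js"></script>'
          f'<script src="https://{FAKE}/ga.js"></script>')
```

Calling `audit_scripts(SAMPLE)` marks the first script as trusted and the second as a lookalike of the trusted host, even though the second appears in the HTML only in its `xn--` form.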

Data capture

After the detection, the security team investigated the issue thoroughly and found that the site was infected.

Furthermore, the skimmer is unusual in that it automatically reacts whenever the developer tools panel is open in the visitor’s web browser. This makes it hard to detect, and security teams dealing with cybercrime have to work hard to find such skimmers.

About the Magecart Groups

Magecart groups are cybercrime groups that have been in the limelight since 2015. They are experts in hacking and committing crimes over the internet.

Exfiltration code

Currently, they are hosting and loading credit card skimmers into websites. As soon as a person makes a payment through a gateway, the credit card details are stolen. Without any doubt, these groups are experts in this field and leave no traces behind.

They are expanding by leaps and bounds. Agencies have started working on the problem and are trying to create a secure gateway for people making payments online.

References:

https://blog.sucuri.net/2019/07/fake-google-domains-used-in-evasive-magento-skimmer.html