Another Magento card skimming attack is active in the wild. In this case, the attackers target websites with code that redirects to fake Google domains, tricking users into continuing with payments because they mistake the site for a legitimate one.
Fake Google Domains For Card Skimming
As revealed in a blog post by Sucuri, Magento e-stores currently face another cyber threat. This time, the attackers target Magento e-commerce websites with card skimming attacks using fake Google domains.
The attacks are occurring in the wild as an active campaign. The matter caught the researchers’ attention when an affected Magento website owner contacted them to get help with the blacklisted domain. The affected website also experienced ‘Dangerous Site’ warnings with McAfee SiteAdvisor.
The researchers have interpreted the use of ‘google’ in the malicious domain as an attempt to trick users.
Website visitors may see a reputable name (like “Google”) in requests and assume that they’re safe to load, without noticing that the domain isn’t a perfect match and is actually malicious in nature.
Upon execution, the code steals data from drop-down menus using document.getElementsByTagName.
Smart Devtools Detection
This seems a fairly smart technique for evading detection. When Devtools is not open, the malware exfiltrates users’ data to a remote C&C server. At this point, it again deceives users with another fake Google domain, “google[.]ssl[.]lnfo[.]cc”.
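A site owner can check page source for the kind of near-match hostname described above. The following is an added example, not code from Sucuri or from the article; the allowlist of genuine Google domains, the function names and the sample page source are assumptions, and only the defanged hostname comes from the article.

```javascript
// Added example (not from the article): flag hostnames that display a trusted
// brand name but are not on the allowlist. The allowlist is an assumption.
const ALLOWED = ["google.com", "googleapis.com", "gstatic.com",
  "google-analytics.com", "googletagmanager.com"];
const BRAND = "google";

// Indicators are usually written defanged ("[.]"); restore dots before parsing.
function refang(text) {
  return text.replace(/\[\.\]/g, ".");
}

// Allowed only if the host equals a listed domain or is a subdomain of it.
// Matching on a label boundary keeps "evilgoogle.com" from passing.
function isAllowed(host) {
  return ALLOWED.some((d) => host === d || host.endsWith("." + d));
}

// Collect every host referenced by an absolute or protocol-relative URL in
// the page source and return those that contain the brand but are not allowed.
function findLookalikes(source) {
  const hits = new Set();
  const urlHost = /(?:https?:)?\/\/([a-z0-9.-]+)/gi;
  for (const m of refang(source).matchAll(urlHost)) {
    const host = m[1].toLowerCase().replace(/\.$/, "");
    if (host.includes(BRAND) && !isAllowed(host)) hits.add(host);
  }
  return [...hits];
}

// Constructed page source; only the defanged hostname comes from the article.
const SAMPLE = `
<script src="https://www.googletagmanager.com/gtm.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script src="//google[.]ssl[.]lnfo[.]cc/a.js"></script>
<img src="https://google[.]ssl[.]lnfo[.]cc/p.gif">
<script src="https://cdn.example.com/app.js"></script>`;

console.log(findLookalikes(SAMPLE));
```

A hit means only that the hostname borrows the brand name without belonging to an allowlisted domain, so each result still needs a manual look.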
Earlier this month, Sucuri also noticed a malicious script, ‘Magento Killer’, targeting Magento e-stores to steal data.