Payment information stealing campaign uses a new formjacking redirection method to compromise the checkout stage of high-profile online retail websites according to Symantec.
Symantec's research team discovered a Parisian retail store that had its online shop website injected with a formjacking script which exfiltrates payment data to the google-analyitics.org domain controlled by the malicious script's authors.
"We observed popular websites from different countries—such as the U.S., Japan, Australia, and Germany—redirecting to this one Paris website," says Symantec. "This created an interesting redirection chain as customers of all these websites were being infected by formjacking at the same time."
Subsequently, Symantec detected multiple e-commerce platforms from high profile brands which had their checkout pages redirected to the infected Paris online retail store, with around 30 of them being compromised during this malicious campaign.