Criminals use Google Analytics data to clone credit cards

A skimming attack is exploiting the synergy between a malicious code and Google Analytics to steal payment data from users of infected ecommerce sites

Hacker violates a smartphone (Getty Images) Three cybersecurity companies have discovered, in independently, that cybercriminals are using Google Analytics to silently steal valuable credit card data from infected ecommerce sites.

Experts from Kaspersky, PerimeterX and Sansec have identified the mechanism adopted by malevolent actors. Criminals exploit the interaction between a code created to steal data from compromised websites and the account tracking code created by Google Analytics. This combination allows them to extrapolate the payment information entered by users even from the sites where these are protected by high security policies.

"The attackers injected the malicious code into the sites, this collected all the data entered by users and sent them through Analytics, "explain Kaspersky's experts in their report:" As a result, attackers could access the stolen data in their Google Analytics account. "

According to cyber security companies that have analyzed this attack, about 24 websites in Europe and America have been infected with the code that allows the extrapolation of payment data. The targeted sites are mostly ecommerce specialized in the sale of digital equipment, cosmetics, food products and spare parts.

Skimming

This type of attack takes its name from the skimmer, a device capable of reading and storing the information contained in the magnetic strip of a card, such as for example credit cards.

“ When a campaign of "skimming" is done entirely on Google's servers, trusted very few safety systems the report as “suspect”, explains Sansec in his report . “ Traders should use other methods to prevent the theft of customer data. The most important thing is to prevent unauthorized access to your code base, ” continues the research team of the threat of Sansec.

Unfortunately customers can only use the software of safety to increase the security of their online payments. To avoid the problems related to this attack, as explained by Kaspersky , the bulk of the work must be done by the webmaster.