A previously unknown phishing technique has compromised the websites of more than 20 retailers in Europe and the Americas, according to Kaspersky researchers.
Rather than the traditional method of redirecting data to third parties, criminals redirected it to official Google Analytics accounts, according to the research.
“Once the attackers registered their accounts on Google Analytics, all they had to do was configure the accounts’ tracking parameters to receive a tracking ID.
“They then injected the malicious code along with the tracking ID into the webpage’s source code, allowing them to collect data about visitors and have it sent directly to their Google Analytics accounts.”
It is difficult for administrators to realise the website has been compromised because the page appears to be connected with an official Google Analytics account, a common practice for online stores, said Kaspersky.
The cyber security firm added: “To make the malicious activity even harder to spot, the attackers also employed a common anti-debugging technique: if a site administrator reviews the webpage source code using Developer mode, then the malicious code is not executed.”
Kaspersky says it has informed Google of the problem, and Google responded that it has ongoing investments in spam detection.
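A site-owner check that follows from the technique described above, as an added example that is not from Kaspersky's research or this article: it reports every Google Analytics ID in a page's source that is not on the owner's allowlist, with the lines where it appears. The IDs, sample HTML and function names are constructed for illustration, and an ID hidden by obfuscated code will not show up in a plain-text scan like this one.

```python
import re

# Universal Analytics IDs look like UA-12345678-1; GA4 measurement IDs like G-AB12CD34EF.
# Case-sensitive on purpose, so class names such as "g-recaptcha" are not matched.
GA_ID_RE = re.compile(r"\b(?:UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{6,12})\b")

# Constructed sample: the store's own tag (UA-11111111-1) plus a second,
# unexplained tracking ID further down the page.
SAMPLE_HTML = """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-11111111-1"></script>
<script>gtag('config', 'UA-11111111-1');</script>
</head><body>
<form id="checkout"><input name="card"></form>
<script>ga('create', 'UA-99999999-2', 'auto');</script>
</body></html>"""


def audit_page(html, allowed_ids):
    """Map each GA ID not on the allowlist to the 1-based lines where it appears."""
    unexpected = {}
    for lineno, line in enumerate(html.splitlines(), start=1):
        for ga_id in GA_ID_RE.findall(line):
            if ga_id not in allowed_ids:
                unexpected.setdefault(ga_id, []).append(lineno)
    return unexpected


if __name__ == "__main__":
    # The allowlist is whatever IDs the site owner actually registered.
    findings = audit_page(SAMPLE_HTML, allowed_ids={"UA-11111111-1"})
    for ga_id, lines in findings.items():
        print(f"unexpected tracking ID {ga_id} on line(s) {lines}")
```

Run it against the HTML the server actually delivers (and the scripts it references) rather than a copy from the content management system, since injected code lives in the served page.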