Another Fake Google Domain: fonts.googlesapi.com

Our Remediation team lead Ben Martin recently found a fake Google domain that is pretty convincing to the naked eye.

The malicious domain was abusing the URL shortener service is.gd: shortened URLs were being injected into the posts table of the client’s WordPress database.

Whenever the infected WordPress page loads, the actual content is obscured behind the is.gd shortener, which obtains content from the fake Google domain: fonts[.]googlesapi[.]com
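A defender can sweep exported post content for the two indicators described above: links through the is.gd shortener and hosts that closely resemble a genuine Google domain. The following is an added example, not code from the original article; the allowlist, the similarity threshold, the function names and the sample rows are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumptions for this example: a short allowlist of genuine Google asset
# domains and a shortener list holding the one service named in the article.
LEGIT_DOMAINS = {"googleapis.com", "gstatic.com", "google.com"}
SHORTENERS = {"is.gd"}
SIMILARITY_THRESHOLD = 0.85  # assumed cut-off for "looks like a legit domain"

# Matches absolute and scheme-relative URLs and captures the host part.
HOST_RE = re.compile(r"(?:https?:)?//([a-z0-9.-]+)", re.IGNORECASE)


def registrable_domain(host):
    """Naive last-two-labels domain; does not consult the public suffix list."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_host(host):
    """Return 'shortener', 'lookalike:<legit domain>' or None for one host."""
    domain = registrable_domain(host)
    if domain in SHORTENERS:
        return "shortener"
    if domain in LEGIT_DOMAINS:
        return None
    for legit in sorted(LEGIT_DOMAINS):
        if SequenceMatcher(None, domain, legit).ratio() >= SIMILARITY_THRESHOLD:
            return "lookalike:" + legit
    return None


def scan_posts(posts):
    """posts: iterable of (post_id, post_content). Returns sorted findings."""
    findings = set()
    for post_id, content in posts:
        for host in HOST_RE.findall(content):
            verdict = classify_host(host)
            if verdict:
                findings.add((post_id, host.lower(), verdict))
    return sorted(findings)


# Constructed sample rows standing in for an export of the posts table;
# they are not the content recovered in the incident.
SAMPLE_POSTS = [
    (1, '<link href="https://fonts.googleapis.com/css?family=Lato" rel="stylesheet">'),
    (2, '<p>Hello</p><script src="https://is.gd/EXAMPLE"></script>'),
    (3, '<script src="//fonts.googlesapi.com/css"></script>'),
    (4, '<a href="https://example.org/about">About</a>'),
]
```

Calling `scan_posts(SAMPLE_POSTS)` flags rows 2 and 3 and leaves the genuine `fonts.googleapis.com` reference alone; a site that legitimately links through a shortener would need those posts reviewed by hand.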

Fake Google Domain Leveraged in Obfuscation Attempts

The domain was registered on 2018-11-27, so it is not that new.

Via Sucuri.net