We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings.

Our investigation revealed that the site had been infected with a credit card skimmer loading JavaScript from the malicious internationalized domain google-analytîcs[.]com (or xn--google-analytcs-xpb[.]com in ASCII):

The malicious user purposely selected the domain name with the intention of deceiving unsuspecting victims.

Continue reading Fake Google Domains Used in Evasive Magento Skimmer at Sucuri Blog.

Via Sucuri.net