During a recent investigation we uncovered another credit card skimmer leveraging a web socket connection to steal credit card details from an infected PrestaShop website. While PrestaShop is not the most popular eCommerce solution for online stores it is still in the top 10 most common ecommerce platforms in use on the web, and clocks […]
Tag Archives: google
Decoding the Caesar Cipher Skimmer
Over the last several weeks we’ve observed an interesting new variation of “gtag” credit card skimming attack with a surprisingly high number of detections so far. As of the time of writing this article we have seen nearly 80 detections altogether in the first two weeks alone. Our research team and analysts have found this […]
FakeUpdateRU Chrome Update Infection Spreads Trojan Malware
Fake Google chrome update malware, often associated with the notorious SocGholish infection, is something that we have been tracking for a number of years. It is one of the most common types of website malware. It tricks unsuspecting users into downloading what appears to be an update to their Chrome browser, but is actually a […]
Skimmers in Images & GitHub Repos
MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files. During a routine investigation, we detected a similar issue. Instead of targeting .ico files, however, attackers chose to inject content into real .png files — both on compromised sites and in booby trapped Magento repos on GitHub. Googletagmanager.png Our […]
Fixing “Uncommon Download” Warnings in Google Search Console
Over the past few months, a lot of website owners have received “uncommon download” warnings from Google Search Console. These warnings can be vague, often lacking specific information about where the download is, exactly. Don’t panic — a lot of these seem to be false positives and you can just request a review. Read on […]
Mixed Content Warnings in Google Chrome
Migrating your website to HTTPS may seem like a simple task. Get the TLS/SSL certificate, install it on your web server, and you’re done. The real pain for large projects, however, is changing http:// resources to https://. These resources include images, videos, sounds, forms, scripts, and CSS files, along with any externally loaded third-party elements like […]
Magento Skimmers: From Atob to Alibaba
Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, it’s hxxps://livegetpay[.]com/pay.js?v=2.2.9 and “onepage”, respectively. The campaign used a variety of different domain names and targeted all sorts […]
Fake Google Domains Used in Evasive Magento Skimmer
We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings. Our investigation revealed that the site had been infected with a credit card skimmer loading JavaScript from the malicious internationalized domain google-analytîcs[.]com (or xn--google-analytcs-xpb[.]com in ASCII): The malicious user purposely selected the domain name […]
Why is Your Website a Target? The SEO Value of a Website
Website security is what we eat, sleep, and breathe. It’s what we do best because we deal with hacked websites every single day, thousands of them. Among the various types and evolution in attack scenarios, one has remained the same for all these years—spam infections. A spam infection could be a serious problem for online […]
Typo 3 Spam Infection
Here at Sucuri most of the malware that we deal with is on CMS platforms like: WordPress, Joomla, Drupal, Magento, and others. But every now and then we come across something a little different. Blackhat SEO Infection in Typo3 Just recently, I discovered a website using the Typo3 CMS that had been infected with a […]