Fake Google Domains Used in Evasive Magento Skimmer

Fake Google Domains Used in Evasive Magento SkimmerWe were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings.

Our investigation revealed that the site had been infected with a credit card skimmer loading JavaScript from the malicious internationalized domain google-analytîcs[.]com (or xn--google-analytcs-xpb[.]com in ASCII):

//google-analytîcs.com/www.%5Bredacted%5D.com/3f5cf4657d5d9.js

The malicious user purposely selected the domain name with the intention of deceiving unsuspecting victims.

Continue reading Fake Google Domains Used in Evasive Magento Skimmer at Sucuri Blog.

Source: Scuri check