Tag Archives: google

Skimmers in Images & GitHub Repos

MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files. During a routine investigation, we detected a similar issue. Instead of targeting .ico files, however, attackers chose to inject content into real .png files — both on compromised sites and in booby trapped Magento repos on GitHub. Googletagmanager.png Our More Info »

Mixed Content Warnings in Google Chrome

Migrating your website to HTTPS may seem like a simple task. Get the TLS/SSL certificate, install it on your web server, and you’re done. The real pain for large projects, however, is changing http:// resources to https://. These resources include images, videos, sounds, forms, scripts, and CSS files, along with any externally loaded third-party elements like More Info »

Magento Skimmers: From Atob to Alibaba

Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, it’s hxxps://livegetpay[.]com/pay.js?v=2.2.9 and “onepage”, respectively. The campaign used a variety of different domain names and targeted all sorts More Info »

Fake Google Domains Used in Evasive Magento Skimmer

We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings. Our investigation revealed that the site had been infected with a credit card skimmer loading JavaScript from the malicious internationalized domain google-analytîcs[.]com (or xn--google-analytcs-xpb[.]com in ASCII): The malicious user purposely selected the domain name More Info »

Typo 3 Spam Infection

Here at Sucuri most of the malware that we deal with is on CMS platforms like: WordPress, Joomla, Drupal, Magento, and others. But every now and then we come across something a little different. Blackhat SEO Infection in Typo3 Just recently, I discovered a website using the Typo3 CMS that had been infected with a More Info »

Hacked Website Trend Report – 2018

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / Sucuri team, which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented is based on the analysis of 25,168 cleanup requests More Info »

Google Analytics and Angular in Magento Credit Card Stealing Scripts

Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners. The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js, js/meigee/jquery.min.js, and js/varien/js.js. The obfuscated code loads another script from More Info »