Web skimming is a type of attack in which cybercriminals steal users' payment information by compromising a website. This type of attack is also known as Magecart, in reference to the first group to use this tactic to steal data from users' payment cards after compromising sites that had a shopping cart.

For this threat to compromise our information, the cybercriminal must first compromise the web page and, more specifically, the form on it that is the target of the attack. In this case, that was a page that used Google Analytics to obtain statistics on its visits, usage, etc. and that also had a data entry form. To achieve this, the attacker must perform a code injection (also known as Cross Site), that is, place certain lines of code (in a programming language such as JavaScript) in the element to be attacked: in this case, within the code of the form and fields of the website that worked with Google Analytics.

Once this is done, the page is compromised and the injected malicious code is executed when the user interacts with the form. At that moment, the code does whatever the cybercriminal has programmed it to do. In this case, it intercepts the data the user enters in the form and sends it to wherever the attacker has indicated, specifically using Google Analytics to do so and thus evade security.

The main problem with web skimming, in the case of using Google Analytics as an intermediary, is that the stolen data was sent inside GA events as part of the information being reported. That is why it was not detected by the security systems of compromised websites that used GA analytics tracking: a useful cloaking method to achieve the objective without raising suspicion.
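One way a site owner could check for the hiding technique described above, as an added example that is not from the original article: it inspects captured outbound request URLs to Google Analytics (`collect` hits) and flags those that report to a tracking ID other than the site's own or that carry card-like numbers in their parameters. The tracking IDs, URLs and the `inspectGaHit` helper are assumptions constructed for illustration.

```javascript
// Added example, not from the original page. IDs and URLs are constructed.
const OWN_TRACKING_IDS = new Set(["UA-00000000-1"]); // assumption: the site's own GA property

// Luhn checksum: true when a digit string is a plausible payment card number.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// True when text holds a 13-19 digit run (spaces or dashes allowed) passing Luhn.
function containsCardNumber(text) {
  const runs = text.match(/\d(?:[ -]?\d){12,18}/g) || [];
  return runs.some((run) => luhnValid(run.replace(/\D/g, "")));
}

// Inspect one outbound request URL and return findings (empty array = nothing flagged).
function inspectGaHit(rawUrl) {
  const url = new URL(rawUrl);
  if (!/(^|\.)google-analytics\.com$/.test(url.hostname)) return [];
  const findings = [];
  const tid = url.searchParams.get("tid"); // GA property the hit reports to
  if (tid && !OWN_TRACKING_IDS.has(tid)) findings.push(`foreign-tid:${tid}`);
  for (const [key, value] of url.searchParams) {
    if (key === "tid") continue;
    // Assumption: values may be base64-wrapped, so check the decoded form too.
    const decoded = Buffer.from(value, "base64").toString("latin1");
    if (containsCardNumber(value)) findings.push(`card-like:${key}`);
    else if (containsCardNumber(decoded)) findings.push(`card-like-base64:${key}`);
  }
  return findings;
}

// Constructed sample hits (4111 1111 1111 1111 is a well-known test number).
const base = "https://www.google-analytics.com/collect?v=1&t=event&cid=555.777";
const SAMPLE_HITS = [
  `${base}&tid=UA-00000000-1&ec=checkout&ea=submit&el=order-form`,
  `${base}&tid=UA-99999999-9&ec=form&ea=input&el=4111%201111%201111%201111`,
  `${base}&tid=UA-00000000-1&ec=form&ea=${Buffer.from("4111111111111111").toString("base64")}`,
];
for (const hit of SAMPLE_HITS) console.log(inspectGaHit(hit));
```

The third sample shows why checking the tracking ID alone is not enough: the hit goes to the site's own property, yet a parameter still carries a card-like value.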

However, from the point of view of users who use a form with that malicious code injected, we could… configure our browser to prevent the automatic execution of scripts, install and use browser add-ons that prevent such execution, keep the browser and the operating system updated, and have security and antivirus tools that prevent JavaScript code from being executed.

See also:
PoS Malware is a Virus that steals financial data
Evil Twin – An attack aimed at stealing user’s data

