The threat actors behind web skimming campaigns are using malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts to try to bypass detection.
“It’s a change from previous tactics in which attackers easily inject malicious scripts into e-commerce platforms and content management systems (CMS) through exploiting the vulnerability, making this threat very easy to dodge with traditional security solutions,” the Microsoft 365 Defender research team said in a new report.
Skimming attacks, such as those by Magecart, are carried out with the goal of collecting and exfiltrating users’ payment information, such as credit card details, entered into online payment forms on e-commerce platforms, usually during the checkout process.
This is achieved by taking advantage of security holes in third-party plugins and other tools to inject malicious JavaScript code into online portals without the owners’ knowledge.
As the number of skimming attacks has increased over the years, so have the methods used to hide skimming scripts. Last year, Malwarebytes revealed a campaign in which malicious actors were observed delivering PHP-based web shells embedded in website favicons to load skimmer code.
Then in July 2021, Sucuri discovered another tactic that involved inserting JavaScript code in comment blocks and hiding stolen credit card data in images and other files stored on the breached web servers.
The latest obfuscation techniques that Microsoft has observed are a variation on the aforementioned method of using malicious image files, including regular images, to stealthily combine PHP scripts with Base64-encoded JavaScript.
The second approach relies on four lines of JavaScript code added to the compromised website to retrieve the skimmer script from a remote server, a script that is “encoded in Base64 and concatenated from some string.”
Also detected was the use of encoded skimmer script domains inside fake Google Analytics and Meta Pixel code in an attempt to keep a low profile and avoid suspicion.
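A site owner can audit page scripts for the pattern described above, Base64 fragments concatenated into a script URL inside what looks like analytics code. The following is an added example, not code from Microsoft's report; the allowlist, function names and sample URL are assumptions constructed for illustration.

```javascript
// Added example (not Microsoft's detection logic). Hosts and the sample are constructed.
const ALLOWED_HOSTS = new Set([
  "www.googletagmanager.com", "www.google-analytics.com", "connect.facebook.net",
]);
// One or more quoted Base64-alphabet literals joined with "+", e.g. "aHR0" + "cHM6".
const LITERAL_RUN = /(?:["'][A-Za-z0-9+\/=]+["']\s*\+\s*)*["'][A-Za-z0-9+\/=]+["']/g;
const LITERAL = /["']([A-Za-z0-9+\/=]+)["']/g;

// Join each run of literals, Base64-decode it, and keep only printable results.
function decodeCandidates(source) {
  const decoded = [];
  for (const run of source.match(LITERAL_RUN) || []) {
    const joined = [...run.matchAll(LITERAL)].map((m) => m[1]).join("");
    if (joined.length < 16) continue; // too short to hold a URL
    const text = Buffer.from(joined, "base64").toString("latin1");
    if (/^[\x20-\x7e]+$/.test(text)) decoded.push(text);
  }
  return decoded;
}

// Report decoded script URLs whose host is not on the allowlist.
function findUnexpectedScriptHosts(source, allowed = ALLOWED_HOSTS) {
  const findings = [];
  for (const text of decodeCandidates(source)) {
    const m = text.match(/^(?:https?:)?\/\/([^\/:?#]+)/i);
    if (!m) continue;
    const host = m[1].toLowerCase();
    if (!allowed.has(host)) findings.push({ host, decoded: text });
  }
  return findings;
}

// Constructed input: script source that hides `url` as two Base64 fragments.
function buildSample(url) {
  const b64 = Buffer.from(url).toString("base64");
  return `var s = document.createElement("script");\n` +
    `s.src = atob("${b64.slice(0, 20)}" + "${b64.slice(20)}");`;
}

const SAMPLE_URL = "https://analytics.example.invalid/ga.js"; // reserved TLD, not an indicator
console.log(findUnexpectedScriptHosts(buildSample(SAMPLE_URL)));
```

This is a heuristic for reviewing a site's own templates and third-party tags; a hit means the decoded URL should be checked against what the tag is supposed to load.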
Unfortunately, there’s not much online shoppers can do to protect themselves from web skimming beyond making sure their browsing sessions are secure during checkout. In addition, users can create virtual credit cards to secure their payment information.
“With increasingly evasive tactics being used in skimming campaigns, organizations should ensure that their e-commerce platforms, CMS, and installed plugins are updated with the latest security patches and that they only download and use third-party plugins and services from trusted places,” Microsoft says.