Card-Skimming Scripts Hide Behind Google Analytics, Angular

From threatpost.com

The campaign is marked by a significant level of customization, with an “individualized yet very consistent approach to every compromise.

A host of credit card-stealing scripts have popped up on the web, injected into websites and purporting to be legitimate Google Analytics or Angular utilities in order to avoid webmaster notice.

According to research from Sucuri, the malicious code is obfuscated and injected into legitimate JS files, mainly on Magento-built sites. A JS file is a text file containing JavaScript code that is used to execute JavaScript instructions in web pages.

The campaign is marked by a significant level of customization, with an “individualized yet very consistent approach to every compromise,” the researchers explained in a Tuesday post. “Each site has its own set of injected scripts, compromised sites, misleading variables and file names, and unique variations of obfuscation.”

Read more…