chris
Top Contributor
Another example of domain trust being abused by the bad guys; in this example it's a card-skimming attack on Magento e-commerce sites.
Tools like dnstwist are very effective at generating look-alike domains so you can track them down, but throw in gTLDs and it becomes almost impossible (.goog, .google, google.whatever, etc.).
You can check the full article here: https://threatpost.com/google-sites-card-skimming-thieves/146694/
Seems like we're seeing a lot more of these in recent months.
The Sucuri team found a website using the Magento e-commerce platform that had been blacklisted and was experiencing “Dangerous Site” warnings. It turned out that the site had been infected with a credit-card skimmer loading JavaScript from a legitimate-seeming Google Analytics domain. Closer inspection of the purported trusted Google site showed the URL to actually be “google-analytîcs[.]com” — not a Google site at all.
Further, once credit-card details are harvested, the data is sent to a remote server. This too uses a fake Google domain: “google[.]ssl[.]lnfo[.]cc.”
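The post describes two imitation patterns: a homoglyph registrable domain (google-analytîcs[.]com) and a brand name buried in the subdomain of an unrelated registrable domain (google[.]ssl[.]lnfo[.]cc), plus the gTLD case (google.whatever). As an added example, not code from the post, from dnstwist or from the Threatpost article, here is a small defender-side check that takes hostnames pulled from a storefront's script sources or checkout requests and flags those that imitate a trusted brand. The brand list, the confusable map, the sample hostnames and the "last two labels" registrable-domain split are all constructed assumptions (there is no public-suffix list here), and punycode hostnames are decoded with Python's built-in idna codec before comparison.

```python
"""Flag look-alike hostnames seen in page script sources or outbound requests.

Added example, not from the post or the Threatpost article. The brand list,
confusable map and sample hostnames are constructed assumptions; the
registrable-domain split is a naive "last two labels" approximation.
"""
import unicodedata

# Domains a Magento storefront would legitimately load from (assumed list).
BRAND_DOMAINS = {"google.com", "google-analytics.com", "googletagmanager.com"}

# Hand-picked confusables (assumption, not the full Unicode confusables table).
# Order matters: "1" -> "l" -> "i", so 1, l and i all collapse to one skeleton.
CONFUSABLE_PAIRS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("l", "i"))


def skeleton(label: str) -> str:
    """Reduce a DNS label so visually similar strings compare equal.

    'google-analytîcs' and 'google-analytics' both become 'googie-anaiytics';
    'lnfo' and 'info' both become 'info'.
    """
    decomposed = unicodedata.normalize("NFKD", label.lower())
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    for src, dst in CONFUSABLE_PAIRS:
        stripped = stripped.replace(src, dst)
    return stripped


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; one edit is enough to catch gooogle-style typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


_BRAND_SLD_SKELETONS = {skeleton(b.split(".")[0]) for b in BRAND_DOMAINS}


def classify(hostname: str):
    """Return None for a genuine brand host, otherwise a short reason it looks like an imitation."""
    host = hostname.lower().rstrip(".")
    if "xn--" in host:
        try:
            host = host.encode("ascii").decode("idna")   # punycode -> Unicode
        except UnicodeError:
            pass                                          # keep raw form if undecodable
    if any(host == b or host.endswith("." + b) for b in BRAND_DOMAINS):
        return None                      # the real brand domain or one of its subdomains
    labels = host.split(".")
    if len(labels) < 2:
        return None
    sld, tld = labels[-2], labels[-1]    # naive registrable-domain split (assumption)
    sld_skel = skeleton(sld)
    for brand in BRAND_DOMAINS:
        b_sld, b_tld = brand.split(".", 1)
        if sld == b_sld and tld != b_tld:
            return "wrong-tld"           # google.whatever
        if sld_skel == skeleton(b_sld):
            return "homoglyph"           # google-analytîcs.com
        if levenshtein(sld_skel, skeleton(b_sld)) == 1:
            return "typosquat"           # gooogle.com
    if any(skeleton(lbl) in _BRAND_SLD_SKELETONS for lbl in labels[:-2]):
        return "brand-in-subdomain"      # google.ssl.lnfo.cc
    return None


def scan(hostnames):
    """Map each suspicious hostname to its reason; clean hosts are omitted."""
    return {h: r for h in hostnames if (r := classify(h)) is not None}


if __name__ == "__main__":
    # Constructed sample: hostnames pulled from <script src> tags and a checkout POST.
    observed = [
        "www.google-analytics.com",
        "google-analytîcs.com",
        "google.ssl.lnfo.cc",
        "gooogle.com",
        "google.whatever",
        "cdn.example.com",
    ]
    for host, reason in scan(observed).items():
        print(f"{host:30} {reason}")
```

The skeleton comparison is what catches the diacritic and the l-for-i swap in the post's two domains; the subdomain walk catches the brand name being used as a bare label under a registrable domain that no look-alike generator would produce, which is why dnstwist output on its own misses the google[.]ssl[.]lnfo[.]cc style. A real deployment would swap the two-label split for a public-suffix list and the hand-picked map for the Unicode confusables data.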