Sophisticated Google Domain Exploitation Chain Unleashed
Jan. 2, 2025, 1:32 p.m.
Description
A sophisticated attack chain targeting e-commerce payment flows has been exposed. It leverages requests to trusted Google domains to execute malicious code: the attack exploits Google's domain reputation to bypass security filters, chains multiple legitimate services for persistence, and blends malicious activity with legitimate traffic patterns. Attackers inject malicious JavaScript into websites, either through direct compromise or by exploiting a third-party service. The attack then uses specific Google domain vulnerabilities to chain malicious JavaScript into Google's own response, so that the code appears to originate from a trusted source. This method allows attackers to circumvent Content Security Policy and proxy-based detection, enabling data theft and user redirection. Active exploitation has been observed across multiple sectors, with compromised legitimate domains serving as hosts for sophisticated payment-form injection attacks.
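Added example, not part of the original report: a small Python detector that flags requests to Google endpoints whose callback parameter or path carries JavaScript call syntax instead of a plain callback name, which is the shape of the URLs listed under Indicators below. It runs over constructed proxy log lines; the log format, the field positions and the set of callback key names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Shape of a benign JSONP callback: a dotted JS identifier such as "cb" or "app.onData".
IDENT_RE = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$")
# Query keys that JSONP-style endpoints commonly use for the callback name (assumed set).
CALLBACK_KEYS = ("callback", "jsonp", "cb")

def find_jsonp_abuse(url: str) -> list[str]:
    """Return the reasons a request URL looks like callback/JSONP abuse ([] if benign).

    Check 1: a callback-style query parameter whose value is not a plain identifier
             (e.g. 'eval(' -> the server would echo attacker-controlled code back).
    Check 2: a path segment that, once percent-decoded, contains call syntax.
    """
    parts = urlsplit(url)
    reasons = []
    for seg in parts.path.split("/"):
        dec = unquote(seg)  # %24discovery -> $discovery, so encoded parens are caught too
        if "(" in dec or ")" in dec:
            reasons.append(f"path segment contains call syntax: {dec!r}")
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        if key.lower() in CALLBACK_KEYS:
            for v in values:
                if not IDENT_RE.match(v):
                    reasons.append(f"non-identifier callback {key}={v!r}")
    return reasons

# Constructed sample proxy log (timestamp, client, URL); not real traffic.
SAMPLE_LOG = """\
2025-01-01T03:38:00Z 10.0.0.12 https://accounts.google.com/o/oauth2/revoke?callback=handleRevoke
2025-01-01T03:38:05Z 10.0.0.12 https://accounts.google.com/o/oauth2/revoke?callback=eval(
2025-01-01T03:38:07Z 10.0.0.15 https://translate.googleapis.com/%24discovery/eval(
2025-01-01T03:38:09Z 10.0.0.15 https://translate.googleapis.com/$discovery/rest?version=v3
"""

def scan_log(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (client, url, reasons) for every log line that trips a check."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        reasons = find_jsonp_abuse(fields[2])
        if reasons:
            hits.append((fields[1], fields[2], reasons))
    return hits

if __name__ == "__main__":
    for client, url, reasons in scan_log(SAMPLE_LOG):
        print(client, url, "; ".join(reasons))
```

Only the two lines mirroring the indicators trip the checks; the legitimate revoke call with a named callback and the discovery-document request pass.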
Date
Published: Jan. 1, 2025, 3:38 a.m.
Created: Jan. 1, 2025, 3:38 a.m.
Modified: Jan. 2, 2025, 1:32 p.m.
Indicators
https://translate.googleapis.com/%24discovery/eval(
https://accounts.google.com/o/oauth2/eval(
https://accounts.google.com/o/oauth2/revoke?callback=eval(
Attack Patterns
T1553.004
T1606
T1584.001
T1102.002
T1185
T1204.001
T1189
T1059.007
T1140
T1190
Additional Information
Retail
Finance