Sophisticated Google Domain Exploitation Chain Unleashed

Jan. 2, 2025, 1:32 p.m.

Description

A sophisticated attack chain targeting e-commerce payment flows has been exposed. It leverages requests to trusted Google domains to execute malicious code, exploits Google's domain reputation to bypass security filters, chains multiple legitimate services for persistence, and blends malicious activity with legitimate traffic patterns. Attackers inject malicious JavaScript into websites, either through direct compromise or through exploitation of a third-party service. The attack then uses weaknesses in specific Google endpoints to chain malicious JavaScript into Google's own response, making it appear to originate from a trusted source. This method allows attackers to circumvent Content Security Policy and proxy-based detection, enabling data theft and user redirection. Active exploitation has been observed across multiple sectors, with compromised legitimate domains serving as hosts for sophisticated payment form injection attacks.

Date

  • Created: Jan. 1, 2025, 3:38 a.m.
  • Published: Jan. 1, 2025, 3:38 a.m.
  • Modified: Jan. 2, 2025, 1:32 p.m.

Indicators

  • https://translate.googleapis.com/%24discovery/eval(
  • https://accounts.google.com/o/oauth2/eval(
  • https://accounts.google.com/o/oauth2/revoke?callback=eval(
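The indicators above share one trait: a callback-style parameter or path segment that carries code (`eval(`) rather than a plain JavaScript identifier, which is what lets the response from a trusted Google host execute attacker-chosen script. The following is an added detection example, not code from the original report: it classifies script-source URLs on that basis and scans `<script src>` tags in a page. The callback parameter names and the trusted-host set are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# A legitimate JSONP callback is a plain (optionally dotted) JS identifier.
_IDENT_RE = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$")
# Query parameter names commonly used to name a callback (assumed list).
_CALLBACK_PARAMS = {"callback", "cb", "jsonp", "jsoncallback"}
# Google hosts named in the indicators (assumed trusted-host set for the example).
_TRUSTED_HOSTS = {"translate.googleapis.com", "accounts.google.com"}
# Minimal extractor for <script src="..."> in an HTML document.
_SRC_RE = re.compile(r"<script[^>]*\ssrc=[\"']([^\"']+)[\"']", re.IGNORECASE)


def classify_script_url(url: str) -> dict:
    """Flag a script URL whose callback parameter or path segment looks like
    code (e.g. 'eval(') instead of an identifier; report whether the host is
    one the site otherwise trusts, since CSP allows it regardless."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    # Callback parameters must be identifiers; anything else is code injection.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in _CALLBACK_PARAMS and not _IDENT_RE.match(value):
            findings.append(f"non-identifier callback {key}={value!r}")
    # Decoded path segments containing a call expression are equally suspect.
    for seg in unquote(parts.path).split("/"):
        if seg and re.search(r"[A-Za-z_$][\w$]*\(", seg):
            findings.append(f"code-like path segment {seg!r}")
    return {
        "host": host,
        "trusted_host": host in _TRUSTED_HOSTS,
        "suspicious": bool(findings),
        "findings": findings,
    }


def scan_script_sources(html: str) -> list:
    """Return classifications for every suspicious <script src> in a page."""
    results = (classify_script_url(m.group(1)) for m in _SRC_RE.finditer(html))
    return [r for r in results if r["suspicious"]]


# Constructed sample: one legitimate callback, one injected loader using an
# indicator from this report.
SAMPLE_HTML = """
<script src="https://accounts.google.com/o/oauth2/revoke?callback=onRevoke"></script>
<script src="https://accounts.google.com/o/oauth2/revoke?callback=eval("></script>
"""

if __name__ == "__main__":
    for hit in scan_script_sources(SAMPLE_HTML):
        print(hit["host"], hit["findings"])
```

The `trusted_host` flag is the point of the check: a `script-src` allowlist that permits these Google hosts does not constrain what a callback-reflecting endpoint returns, so the URL itself, not just its origin, has to be inspected.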

Attack Patterns

  • T1553.004
  • T1606
  • T1584.001
  • T1102.002
  • T1185
  • T1204.001
  • T1189
  • T1059.007
  • T1140
  • T1190

Additional Information

  • Retail
  • Finance