Add to favorites
“The attackers were able to access the stolen data in their Google Analytics account.”
Researchers at the web security company Kaspersky have “identified” several cases in which attackers used Google Analytics to view scanned data, such as credit card information, from websites where malware was injected.
Kaspersky’s security division, Secure List, discovered that attackers used malicious code in websites that often contain credit card information, such as: B. travel websites, could use Google Analytics to access the stolen data.
Secure List found this technique was used on 20 websites in Europe, the US and South America selling digital parts, cosmetics and groceries.
Google Analytics shows illegal data
The research report published yesterday explained this process in more detail:
“In order to collect data about visitors with the help of Google Analytics, the website owner must configure the tracking parameters in his account at analyze.google.com, retrieve the tracking ID and enter it into the websites together with the tracking code (a special code snippet) insert ).
“We recently identified several cases in which this service was abused: attackers injected malicious code into websites that collected all the data entered by users and then sent it through Analytics. As a result, the attackers were able to access the stolen data in their Google Analytics account. “
According to the site analysis tool BuiltWith, Google Analytics has 29 million websites. Due to the brand name, visitors will use this service without any control. According to Secure List, administrators often write * .google-analse.com in the “Content-Security-Policy” header, which lists resources from which third-party code can be securely downloaded.
Web scraping itself is legal as of 2019, and Google has its own free web scraping tool called Instant Data Scraper.
Among the features like “Get contact information from professional association websites” and “Get email addresses and phone numbers from directories” in the tool’s list, there is a promise from the developer to the customer:
“This extension does not contain any malware or spyware beyond Google Analytics.”