Hackers are increasingly exploiting the trust that many websites have in the Google Analytics service. They use the service to hide their traffic.
All this must be apparent from research by Kaspersky into the ‘skimming’ of payment cards.
In this practice, criminals try to obtain the numbers and other data from a credit card, in the classic example by infecting an ATM or installing a new device on top of a payment terminal.
The attackers sell the information thus collected on persecutors to criminals who commit credit card fraud with it.
Now that everyone is buying online, credit card skimming has also increasingly moved to the web. Hackers are trying to break into this on the backend of an e-commerce site and copy information forwarded during the checkout process.
But once that info is copied, it has yet to get to the criminals, and it is here that Kaspersky sees the Analytics site pop up.
A little security software sends out a lot of warnings when large amounts of credit card data are sent to an unknown server (that of the hackers).
So what these attackers do is send them to a Google Analytics account that they control. Because many websites use the service, it is often on a whitelist or traffic to the service does not ring a lot of bubbles.