We have seen that most of the online tools that are extremely useful to us for working are also very vulnerable in terms of security and hacking. Now, there is a reason why people have been advised not to upload their personal information as well as financial information to their accounts even when they are from Google or Apple. Or else, you need to have seal proof security for your account with mechanisms such as 2-factor authentication as well as physical key for authentication when you have uploaded information such as credit cards and passwords.
However, we know that most people fail to have advanced security turned on for their accounts and they fall prey to the hackers. But we have a new report regarding hackers using a popular tool from Google meant for marketers known as Google Analytics. This is a tool or a platform that provides you information regarding website visitors as well as traffic and the source of that traffic among many other details.
Multiple reports now claim that “threat actors are injecting data-stealing code on the compromised websites in combination with tracking code generated by Google Analytics for their own account, letting them exfiltrate payment information entered by users even in conditions where content security policies are enforced for maximum web security”.
As per an official statement from Kaspersky, it is revealed that “Attackers injected malicious code into sites, which collected all the data entered by users and then sent it via Analytics,”. “As a result, the attackers could access the stolen data in their Google Analytics account.” Now, it is interesting to know how the code was injected with Google Analytics code in the first place. A research firm says that “The source of the problem is that the CSP rule system isn’t granular enough,” which is why these codes are getting injected.