A new sophisticated malvertising campaign exploits trusted e-commerce and Google APIs to inject malicious scripts, leading to phishing sites that steal sensitive payment information. This attack leverages outdated JSONP techniques and abused API endpoints, making detection difficult and impacting reputable brands like Ray-Ban. #JSONP #GoogleAPIs
Keypoints
- Cybercriminals are using trusted e-commerce websites to host phishing scams without site ownersβ knowledge.
- The attack exploits JSONP calls in Google APIs, allowing malicious scripts to run unchecked.
- Compromised sites redirect users to fake payment pages designed to steal credit card details.
- Despite being disclosed, some affected websites still remain vulnerable and active.
- Continuous monitoring and enhanced security measures are vital to protect against this evolving threat.
Read More: https://gbhackers.com/cybercriminals-using-trusted-google-domains/