Cybersecurity experts have discovered hackers using Google.com, a trusted domain, to distribute hard-to-detect malware.
Compromised e-commerce websites, especially on Magento, host a hidden script redirecting to a manipulated Google OAuth link.
The malware hides in the callback parameter, executing obfuscated JavaScript to evade antivirus tools.
The attackers exploit the trust placed in the Google.com domain so that security tools and browsers do not flag the script.
The payload runs only when it observes real human interaction on pages matching keywords like 'checkout', and then opens a WebSocket connection to deliver the harmful code.
The attack is difficult to detect due to heavy code disguise, use of a legitimate domain, and dynamic execution.
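As an added illustration of the detection angle (this is example code written for this summary, not from the original report or any named product), the scanner below walks the external scripts in an HTML page and flags any whose `callback` query parameter holds code rather than a plain function name. The `callback` carrier comes from the summary above; the Google endpoint path in the sample, the marker list, and the sample HTML are all constructed placeholders for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote, urlsplit

# Hosts whose reputation the campaign abuses (from the summary above).
TRUSTED_HOSTS = ("google.com",)

# A normal JSONP/OAuth "callback" value is a function name: a bare identifier,
# optionally dotted (e.g. "onLoad", "app.auth.done"). Anything else is not a name.
FUNCTION_NAME = re.compile(r"^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$")

# Substrings that mean the value is code, not a name. Constructed list for this
# example; extend it from your own telemetry.
CODE_MARKERS = ("eval(", "atob(", "new Function", "WebSocket", "fromCharCode",
                "document.", "window.", "=>", ";", "(")


def is_trusted_host(hostname):
    """True if hostname is, or is a subdomain of, a host in TRUSTED_HOSTS."""
    h = (hostname or "").lower().rstrip(".")
    return any(h == t or h.endswith("." + t) for t in TRUSTED_HOSTS)


def inspect_script_src(url):
    """Return a finding dict if a script URL carries code in its callback
    parameter, else None. Runs on any host; trusted_host records whether a
    plain host allowlist would have let the script through."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    for raw in query.get("callback", []):
        value = unquote(raw)
        if FUNCTION_NAME.match(value):
            continue  # ordinary callback name, nothing to report
        return {
            "url": url,
            "callback": value,
            "markers": [m for m in CODE_MARKERS if m in value],
            "trusted_host": is_trusted_host(parts.hostname),
        }
    return None


class _ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def scan_html(html):
    """Return findings for every external script in an HTML document."""
    collector = _ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.srcs:
        finding = inspect_script_src(src)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample page: one benign CDN script, one Google script with a
# normal callback name, one Google script whose callback is (inert) code.
# "/oauth-path-placeholder" is a placeholder, not the real endpoint path.
SAMPLE_HTML = """<html><body>
<script src="https://cdn.example.com/lib.js"></script>
<script src="https://accounts.google.com/oauth-path-placeholder?callback=onGoogleReady"></script>
<script src="https://accounts.google.com/oauth-path-placeholder?callback=(function(){eval(atob('AAAA'))})()"></script>
</body></html>"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML):
        print(f"FLAGGED {f['url']}")
        print(f"  markers={f['markers']} trusted_host={f['trusted_host']}")
```

The check reads the parameter value rather than the host because a Content-Security-Policy `script-src` allowlist that names `accounts.google.com` permits any path and query string on that host, so a host-based control alone does not distinguish the two Google-hosted scripts in the sample. Only the Python standard library is used, so the scanner can run offline over saved page captures or proxy logs.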
Users can reduce the risk by limiting third-party scripts, using separate browsers for different tasks, keeping software updated, staying cautious, and using behavior-based security tools.
This campaign shows that even a trusted domain like Google.com can be abused in sophisticated cyberattacks, underlining the importance of informed security practices.