Security News > 2021 > February > Hackers abuse Google Apps Script to steal credit cards, bypass CSP
Attackers are abusing Google's Apps Script business application development platform to steal credit card information submitted by customers of e-commerce websites while shopping online.
They take advantage of the fact that online stores would consider Google's Apps Script domain as trusted and potentially whitelisting all Google subdomains in their sites' CSP configuration.
Google Apps Script domain used as exfiltration endpoint.
All the payment info stolen from the compromised online shop was sent as base64 encoded JSON data to a Google Apps Script custom app, using script[.
After reaching the Google Apps Script endpoint, the data was forwarded to another server - Israel-based site analit[.
Other Google services were also abused in Magecart attacks, with the Google Analytics platform being used by attackers to steal payment info from several dozen online stores.