Security researchers have discovered a new payment info theft tactic where attackers are misusing Google’s Apps Script business application development platform to steal credit card details submitted by customers of e-commerce websites while shopping online.
Google Apps Script is a rapid application development platform that makes it fast and easy to create business applications that integrate with Google Workspace. Users can write code in modern JavaScript and have access to built-in libraries for favorite Google Workspace applications like Gmail, Calendar, Drive, and more
Credit card skimmers also known as Magecart scripts or payment card skimmers) are JavaScript-based scripts injected by cybercrime groups known as Magecart groups injected into hacked online stores as part of web skimming (also known as e-skimming) attacks. Once deployed, the scripts allow the attackers to harvest the personal information, credit card details and payment transactions submitted by the hacked shops’ customers and collect it on servers under their control.