AppsScriptPulse

Hackers abuse Google Apps Script to steal credit cards, bypass CSP

Image: Google

Attackers are abusing Google’s Apps Script business application development platform to steal credit card information submitted by customers of e-commerce websites while shopping online.

Interesting report highlighting how Google Apps Script is being exploited as a vector to skim card data. The post is worth reading for more details but in short the script.google.com address for webapps is being used as a trusted domain to avoid detection. The post also mentions how Google Analytics is being used for a similar exploit.  How this will all play out is yet to be seen.

Source: Hackers abuse Google Apps Script to steal credit cards, bypass CSP