A credit-card skimmer on Magento sites was found loading JavaScript from a legitimate-seeming Google Analytics domain. Read more