Credit card skimmers are now being buried in image file metadata on e-commerce websites

published 26.06.2020 12:52

by Charlie Osborne from zdnet.com
Image of article 'Credit card skimmers are now being buried in image file metadata on e-commerce websites'

Card skimmer code was found buried within the EXIF metadata of an image file, which would then be loaded by compromised online stores.

The technique used in documented attacks serves legitimate favicons to the bulk of a website -- but saves malicious variants for payment portal pages.

See also: Skimming code battle on NutriBullet website may have risked customer credit card data The cybersecurity firm has explored the new technique, described in a blog post published on Thursday, which is believed to be the handiwork of Magecart Group 9.

After well-known brands were hit in quick succession, including Ticketmaster and British Airways, the term 'Magecart' was coined for these types of attacks, in which malicious JavaScript is injected into the payment portal pages of vulnerable websites in order to harvest customer details for as long as possible without detection.

Cybercriminals making use of online credit card skimmers continue to improve their attack methods, and this time, malicious code has been found buried in image file metadata loaded by e-commerce websites.