
Credit card skimmers are now being buried in image file metadata on e-commerce websites

June 26, 2020

Cybercriminals making use of online credit card skimmers continue to improve their attack methods, and this time, malicious code has been found buried in image file metadata loaded by e-commerce websites. 

According to Jérôme Segura, Malwarebytes Director of Threat Intelligence, the new technique is a way to “hide credit card skimmers in order to evade detection.”

Over the past few years, the gradual rise in the popularity of online shopping, now more so than ever due to the novel coronavirus pandemic, has given rise to cyberattacks dedicated to the covert theft of payment card information used when making online purchases.

After well-known brands were hit in quick succession, including Ticketmaster and British Airways, the term ‘Magecart’ was coined for these types of attacks, in which malicious JavaScript is injected into the payment portal pages of vulnerable websites in order to harvest customer details for as long as possible without detection. 

Countless e-commerce domains have fallen victim to Magecart attacks, and the prolific cybercriminal gangs known to specialize in card skimming have been split up and named as separate Magecart groups for tracking purposes.

The cybersecurity firm has explored the new technique, described in a blog post published on Thursday, which is believed to be the handiwork of Magecart Group 9.

Originally, when Malwarebytes stumbled across a suspicious-looking image file, the team thought it may be related to an older technique that uses favicons to hide skimmers, as previously reported by ZDNet. The technique used in documented attacks serves legitimate favicons to the bulk of a website — but saves malicious variants for payment portal pages.

However, it seems Magecart Group 9 has gone further. Card skimmer code was found buried within the EXIF metadata of an image file, which would then be loaded by compromised online stores. 

Malwarebytes says the malicious image detected was loaded by a store using a WordPress e-commerce plugin. 

The attack is a variation on the favicon technique, but with a twist. Malicious code was traced back to a malicious domain, cddn[.]site, that is loaded via a favicon file. While the code itself did not appear malicious at first glance, a field called “Copyright” in the image's metadata loaded the card skimmer using an <img> tag, specifically via the HTML onerror event, which triggers if an error occurs when loading an external resource.
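A defender-side check for the technique described above, as an added example that is not from Malwarebytes or the original article: it reads the EXIF string fields of a JPEG using only the standard library and flags any whose value contains markup or script. The marker list, the function names and the sample images are assumptions constructed for illustration, and only JPEG containers and the first image directory (IFD0) are handled.

```python
import re
import struct

# Markup or script markers that do not belong in descriptive EXIF text (assumed list).
SUSPICIOUS = re.compile(
    rb"<\s*(script|img|iframe|svg)\b|\bon\w+\s*=|\beval\s*\(|\batob\s*\(|fromCharCode", re.I)
TAGS = {0x010E: "ImageDescription", 0x010F: "Make", 0x0131: "Software",
        0x013B: "Artist", 0x8298: "Copyright"}

def exif_ascii_fields(jpeg: bytes) -> dict:
    """Return the ASCII (type 2) entries of IFD0 from a JPEG's APP1/Exif segment."""
    pos = 2  # walk the marker segments that follow the SOI marker
    while jpeg[:2] == b"\xff\xd8" and pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, seglen = jpeg[pos + 1], struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        body = jpeg[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return _ifd0_strings(body[6:])
        pos += 2 + seglen
    return {}

def _ifd0_strings(tiff: bytes) -> dict:
    if len(tiff) < 10 or tiff[:2] not in (b"II", b"MM"):
        return {}
    e = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
    ifd = struct.unpack(e + "I", tiff[4:8])[0]
    if ifd + 2 > len(tiff):
        return {}
    fields = {}
    for i in range(struct.unpack(e + "H", tiff[ifd:ifd + 2])[0]):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        if len(entry) < 12:
            break  # truncated directory
        tag, typ, n = struct.unpack(e + "HHI", entry[:8])
        if typ == 2:  # values longer than 4 bytes are stored at an offset
            off = struct.unpack(e + "I", entry[8:])[0]
            raw = entry[8:8 + n] if n <= 4 else tiff[off:off + n]
            fields[TAGS.get(tag, hex(tag))] = raw.rstrip(b"\x00")
    return fields

def flag_fields(jpeg: bytes) -> list:
    """Names of EXIF string fields whose value looks like HTML or JavaScript."""
    return sorted(k for k, v in exif_ascii_fields(jpeg).items() if SUSPICIOUS.search(v))

def build_sample(copyright_text: bytes) -> bytes:
    """Constructed test JPEG: SOI, one APP1/Exif segment with a Copyright entry, EOI."""
    value = copyright_text + b"\x00"
    tiff = b"MM\x00\x2a" + struct.pack(">IHHHII", 8, 1, 0x8298, 2, len(value), 26) + bytes(4) + value
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Run over the images a store serves, `flag_fields` returns the names of the metadata fields that warrant a closer look; an empty list means no string field matched the marker list.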

When loaded onto a compromised website, the JavaScript grabs input from fields used to submit payment information, including names, billing addresses, and card details. 

The Magecart group obfuscated the code within the EXIF data and, unusually, the skimmer does not simply send stolen data as text to a command-and-control (C2) server. Instead, collected data is also sent as image files via POST requests.

“The threat actors probably decided to stick with the image theme to also conceal the exfiltrated data via the favicon.ico file,” the researchers say. 

It is thought that Magecart Group 9 is to blame, due to links made by security researcher @AffableKraut to domains and registrars also hosting scripts using the EXIF technique. 

This is not the first time in 2020 that WordPress e-commerce plugins have been connected to security issues. Several months ago, a bug was discovered in the Flexible Checkout Fields for WooCommerce plugin which permitted attackers to use XSS payloads to create administrator accounts on vulnerable domains.

Credit: Zdnet
