Thursday, March 4, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Hackers hide web skimmer behind a website’s favicon

May 7, 2020
in Internet Security
Hackers hide web skimmer behind a website’s favicon
587
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

In one of the most complex and innovative hacking campaigns detected to date, a hacker group created a fake icons hosting website in order to disguise malicious code meant to steal payment card data from hacked websites.

The operation is what security researchers refer to these days as a web skimming, e-skimming, or a Magecart attack.

You might also like

Google takes next steps towards ‘privacy-first’ web devoid of third-party cookies

Ursnif Trojan has targeted over 100 Italian banks

Microsoft account hijack vulnerability earns bug bounty hunter $50,000

Hackers breach websites and then hide malicious code on its pages, code that records and steals payment card details as they’re entered in checkout forms.

Web skimming attacks have been going on for almost four years, and as security firms are getting better at detecting them, attackers are also getting craftier.

Hackers created a fake icons hosting portal

In a report published today, US-based cybersecurity firm Malwarebytes said it detected one such group taking its operations to a whole new level of sophistication with a new trick.

The security firm says it discovered this group while investigating a series of strange hacks, where the only thing modified on the hacked sites was the favicon — the logo image shown in browser tabs.

The new favicon was a legitimate image file hosted on MyIcons.net, with no malicious code hidden inside it. However, while the change looked innocent, Malwarebytes said that web skimming code was still loaded on hacked sites, and there was clearly something strange with the new favicon.

favicon-trick.png

Image: Malwarebytes

The trick, according to Malwarebytes, was that the MyIcons.net website served a legitimate favicon file for all a website’s pages, except on pages that contained checkout forms.

On these pages, the MyIcons.net website would secretly switch the favicon with a malicious JavaScript file that created a fake checkout form and stole user card details.

Malwarebytes said that site owners investigating the incident and accessing the MyIcons.net website would find a fully-working icon hosting portal, and would be misled to believe it’s a legitimate site.

However, the security firm says MyIcons.net was actually a clone of the legitimate IconArchive.com portal, and that its primary role was to be a decoy.

Furthermore, the site was also hosted on servers used previously in other web skimming operations, as reported by fellow cybersecurity firm Sucuri a few weeks before.

The group behind this operation went through great lengths to hide its malicious code; however, intrusive card-skimming hacks rarely do go unnoticed and almost always get uncovered.

Nonetheless, the effort to build a fake icon hosting portal is something not seen before in other web skimming operations, although other types of cybercrime groups have done similar things.

For example, the Zirconium gang registered 28 fake ad agencies in order to show malicious ads on thousands of sites, and the operator of the Orcus remote access trojan registered and operated a company in Canada claiming to provide remote access software for enterprise workers.

Credit: Zdnet

Previous Post

Facebook Launches 'Discover,' A Secure Proxy to Browse the Internet for Free

Next Post

Attend SMX June 23-24… for free!

Related Posts

Google takes next steps towards ‘privacy-first’ web devoid of third-party cookies
Internet Security

Google takes next steps towards ‘privacy-first’ web devoid of third-party cookies

March 4, 2021
Ursnif Trojan has targeted over 100 Italian banks
Internet Security

Ursnif Trojan has targeted over 100 Italian banks

March 4, 2021
Microsoft account hijack vulnerability earns bug bounty hunter $50,000
Internet Security

Microsoft account hijack vulnerability earns bug bounty hunter $50,000

March 3, 2021
Malaysia Airlines suffers data security ‘incident’ spanning nine years
Internet Security

Malaysia Airlines suffers data security ‘incident’ spanning nine years

March 3, 2021
Remote work: 5 things every business needs to know
Internet Security

Remote work: 5 things every business needs to know

March 3, 2021
Next Post
Attend SMX June 23-24… for free!

Attend SMX June 23-24… for free!

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Deno 1.8 preps for GPU-accelerated machine learning
Machine Learning

Deno 1.8 preps for GPU-accelerated machine learning

March 4, 2021
3 Types of Image Segmentation. If you are getting started with Machine… | by Doga Ozgon | Feb, 2021
Neural Networks

3 Types of Image Segmentation. If you are getting started with Machine… | by Doga Ozgon | Feb, 2021

March 4, 2021
How to Get More Marketing-Qualified Leads
Marketing Technology

How to Get More Marketing-Qualified Leads

March 4, 2021
Six courses to build your technology skills in 2021 – IBM Developer
Technology Companies

Why developers should centralize their security – IBM Developer

March 4, 2021
Google takes next steps towards ‘privacy-first’ web devoid of third-party cookies
Internet Security

Google takes next steps towards ‘privacy-first’ web devoid of third-party cookies

March 4, 2021
Replacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security Teams
Internet Privacy

Replacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security Teams

March 4, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Deno 1.8 preps for GPU-accelerated machine learning March 4, 2021
  • 3 Types of Image Segmentation. If you are getting started with Machine… | by Doga Ozgon | Feb, 2021 March 4, 2021
  • How to Get More Marketing-Qualified Leads March 4, 2021
  • Why developers should centralize their security – IBM Developer March 4, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates