Security News > 2020 > June > Hackers Target Online Stores With Web Skimmer Hidden in Image Metadata
A group of cybercriminals managed to hide their web skimmer in the EXIF metadata of an image that was then surreptitiously loaded by compromised online stores, Malwarebytes reveals.
Although image files have been long used to carry malicious code and exfiltrate data, it's unusual to have web skimmers hidden in image files.
The script would load a favicon file identical to the favicon used by the compromised store, and the web skimmer was being loaded from the Copyright metadata field of this image.
The skimmer was designed to grab the content of the input fields where online shoppers enter their name, billing address and credit card details, just as other similar code does.
The skimmer also encodes the harvested data, reverses the string, and sends the information to an external server as an image file, via a POST request.