Security News > 2020 > June > e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata
2020-06-30 00:57

In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites.

"We found skimming code hidden within the metadata of an image file and surreptitiously loaded by compromised online stores," Malwarebytes researchers said last week.

"This scheme would not be complete without yet another interesting variation to exfiltrate stolen credit card data. Once again, criminals used the disguise of an image file to collect their loot."

Every image comes embedded with information about the image itself, such as the camera manufacturer and model, date and time the photo was taken, the location, resolution, and camera settings, among other details.

Using this EXIF data, the hackers executed a piece of JavaScript that was concealed in the "Copyright" field of the favicon image.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/yB7tsRWZeYw/image-credit-card-skimmers.html