Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon
2020-08-07 06:01

Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild: it targets visitors of several sites by abusing a quirk in domain names, and uses modified favicons to inject e-skimmers and covertly steal payment card information.

Called an internationalized domain name homograph attack, the technique has been used by a Magecart group on multiple domains to load the popular Inter skimming kit hidden inside a favicon file.

The visual trickery typically relies on similarities between characters of different scripts to register fraudulent look-alikes of existing domains, deceiving unsuspecting users into visiting them and introducing malware onto target systems.

In several instances, Malwarebytes found that legitimate websites were hacked and injected with an innocuous piece of code referencing an icon file that loads a copycat version of the favicon from the decoy site.

This favicon loaded from the homoglyph domain was subsequently used to inject the Inter JavaScript skimmer that captures the information entered on a payment page and exfiltrates the details to the same domain used to host the malicious favicon file.
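
A defender's check for the pattern described above, as an added example that is not from the original article or from Malwarebytes: it audits a page's favicon and script references for hosts that are look-alikes of allowlisted domains. The domains, the allowlist and the small confusables map are constructed assumptions.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: tiny hand-picked map; real use needs Unicode TR39 confusables.txt.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0456": "i", "\u0131": "i"}

def skeleton(host):
    """Decode punycode labels, then fold look-alike characters to ASCII."""
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid punycode: compare as given
    host = unicodedata.normalize("NFKC", host.lower())
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)

class IconAudit(HTMLParser):
    """Collect favicon/script hosts that imitate an allowlisted host."""
    def __init__(self, trusted):
        super().__init__()
        self.trusted, self.findings = set(trusted), []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "icon" in (a.get("rel") or "").lower():
            url = a.get("href")
        elif tag == "script":
            url = a.get("src")
        else:
            return
        host = (urlparse(url or "").hostname or "").lower()
        if not host or host in self.trusted:
            return  # relative URL or exact allowlisted host
        if skeleton(host) in self.trusted:
            self.findings.append((tag, host, "homograph of " + skeleton(host)))
        elif "xn--" in host or not host.isascii():
            self.findings.append((tag, host, "IDN host not on allowlist"))

def audit(html, trusted):
    parser = IconAudit(trusted)
    parser.feed(html)
    return parser.findings

LOOKALIKE = "ex\u0430mple.com"  # constructed: Cyrillic U+0430 replaces Latin "a"
PUNY = LOOKALIKE.encode("idna").decode("ascii")
SAMPLE = ('<link rel="icon" href="https://example.com/favicon.ico">'
          f'<link rel="shortcut icon" href="https://{PUNY}/favicon.ico">'
          '<script src="/static/app.js"></script>')
print(audit(SAMPLE, {"example.com"}))
```

The allowlist is matched on exact hostnames, so subdomains a site legitimately uses must be listed individually.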


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/dUqTKdow30Q/magecart-homograph-phishing.html