Novel Online Shopping Malware Hides in Social-Media Buttons

2020-12-04 19:23

A payment card-skimming malware that hides inside social-media buttons is making the rounds, compromising online stores as the holiday shopping season gets underway.

Once ensconced on the page, the malware behaves just like the widespread Magecart group of skimmers, with the code being parsed and run by a shopper's PC in order to harvest payment cards and any other information entered into a site's online fields, he added.

"Because it hides in legitimate-seeming files, it successfully dodges malware monitors and corporate firewalls. It is the next step by adversaries to stay under the radar, and quite successfully so," de Groot told Threatpost.

Adding a further element of sneakiness, the malware consists of two parts: The payload code itself, and a decoder, which reads the payload and executes it.

"This malware was not as sophisticated and was only detected on nine sites on a single day," the post read. "Of these nine infected sites, only one had functional malware. The eight remaining sites all missed one of the two components, rendering the malware useless. The question arises if the June injections could have been the creator running a test to see how well their new creation would fare."

News URL

https://threatpost.com/online-shopping-malware-social-media-buttons/161903/

#malware #online #socialmedia