Security News > 2021 > March > Magecart Attackers Save Stolen Credit-Card Data in .JPG File

Magecart Attackers Save Stolen Credit-Card Data in .JPG File
2021-03-16 16:40

Magecart attackers have found a new way to hide their nefarious online activity by saving data they've skimmed from credit cards online in a.JPG file on a website they've injected with malicious code.

"The creative use of the fake.JPG allows an attacker to conceal and store harvested credit card details for future use without gaining too much attention from the website owner," he wrote.

Peering under the hood of the compromised site revealed a malicious injection that was capturing POST request data from site visitors, Leal explained.

Specifically, Sucuri found that attackers injected PHP code into a file called.

The code also created a.JPG file, which attackers used to store any data they captured from the compromised site, he said.

Once attackers get their hand on customer payment data, they can then go on to use it for various criminal activities, such as credit-card fraud or targeted e-mail-based spam or phishing campaigns, Leal added.


News URL

https://threatpost.com/magecart-attackers-stolen-data-jpg/164815/