Cyber criminals have created a new type of malware on the web that hides inside images used for buttons for social media, with the aim of stealing credit card information that is entered into payment forms in electronic stores.
The malware – known as web skimmer, or the Magecart script – was detected in online stores between June and September. Dutch information security company Sanguine Security was the first to spot it.
The discovery of this particular form of malware indicates that the Magecart gangs are constantly developing their malicious tricks, even though it has not been widely shared.
On a technical level, the detected malware uses a technique known as “hiding information”. This technique refers to hiding information in another format, for example: hiding text inside pictures.
In the world of malware attacks, the method of masking information is usually used as a way to hide the malicious code from anti-virus programs, by placing the malicious code inside files that appear to be virus-free files.
Over the past years, the most common form of steganography attacks has been hiding malicious payloads inside image files, which are usually stored in PNG or JPG formats.
However, this technology has slowly seen some use among the Magecart scripts gangs, after previous cloaking attacks used website logos, product images, or preferred icons to hide payloads of malware.
And for those who want to protect themselves from this type of malware, users have very few options, as this type of code is usually invisible to them and very difficult to detect, even for professionals.
It is believed that the simplest way for shoppers to protect themselves from magecart scripts attacks is to use virtual cards designed for one-time payment.
Some banks or payment applications currently provide these cards, and it is the best way to deal with this malware on the Internet, as even if the attackers were able to record transaction details, credit card data is useless; Because they’re single-use.