Web Skimmer — Attack Using Social Media Buttons

Home/Internet Security/Web Skimmer — Attack Using Social Media Buttons

Web Skimmer — Attack Using Social Media Buttons

Hackers found new way to attack e-commerce stores, online shoppers and steal credit card details.

Steganography, Web Skimmer Attack

Steganography — hiding information inside another format (i.e., text inside images, images inside videos, etc.) or by placing the bad code inside seemingly innocent files.

Skimming — an illegal practice used to capture credit card information from a cardholder surreptitiously.

Similarly, Fraudsters often use a device called a skimmer that can be installed at gas pumps or ATM machines to collect card data.

Recently, criminals found a new web malware that hides inside images used for social media sharing buttons in order to steal credit card information entered in payment forms on online stores.

Follow Us on: Twitter, InstagramLinkedIn to get latest security news!

Malicious Code Hidden in SVG Images

This year Dutch security firm Sanguine Security (SangSec) spotted the malware, known as a web skimmer, or Magecart script, on online stores.

Over the past years, steganography attacks hide malicious payloads inside image files, usually stored in PNG or JPG formats.

But as steganography use grew, security firms also started looking and analyzing image files — could find irregularities or hidden web skimmer payloads.

In recent attacks, the malicious code wasn’t hidden inside PNG or JPG files but in SVG files.

Scalable Vector Graphics — a file format that allows displaying vector images on your website.

However, the threat actors were very clever when they designed their payload.

“The malicious payload assumes the form of an HTML < svg > element, using the < path > element as a container for the payload. The payload itself is concealed utilizing syntax that strongly resembles correct use of the < svg > element,” SangSec said in a report last week.

In June — it found malware gangs testing this technique, In September — live e-commerce sites.

Followingly, the malicious payload hidden inside social media sharing icons for sites like Google, Facebook, Twitter, Instagram, YouTube, and Pinterest.

Security Recommendation

On infected stores, once users accessed the checkout page, a secondary component (called a decoder) would read the malicious code hidden inside the social sharing icons and then load a keylogger that recorded and exfiltrated card details entered in the payment form.

The simplest way to protect from web skimmer attacks is to use virtual cards designed for one-time payments.

By | 2020-12-08T19:04:22+05:30 December 8th, 2020|Internet Security|

About the Author:

FirstHackersNews- Identifies Security


  1. altyazili izle December 10, 2020 at 9:25 am - Reply

    Im obliged for the blog. Much thanks again. Really Cool. Morgen Jozef Zoldi

  2. CBD for dogs February 28, 2021 at 10:04 am - Reply

    Howdy! Do you know if they make any plugins to assist with Search Engine Optimization? I’m trying
    to get my blog to rank for some targeted keywords but I’m not seeing very good results.
    If you know of any please share. Many thanks!

  3. cbid March 1, 2021 at 11:14 am - Reply

    whoah this weblog is excellent i like reading your posts.
    Stay up the good work! You realize, many people are hunting
    round for this information, you could help them greatly.

  4. CBD March 1, 2021 at 12:00 pm - Reply

    What i do not realize is actually how you’re no longer really
    a lot more well-liked than you might be now. You are very intelligent.
    You already know therefore considerably in the case of this matter,
    produced me in my opinion believe it from so many various angles.
    Its like women and men aren’t fascinated unless it is something to accomplish
    with Girl gaga! Your own stuffs outstanding.

    Always take care of it up!

  5. buy cbd gummies March 2, 2021 at 1:09 pm - Reply

    Simply want to say your article is as astounding. The clearness in your put up is simply nice
    and that i can assume you are knowledgeable in this subject.
    Well together with your permission let me to take hold of your RSS feed to stay up to date with
    forthcoming post. Thank you 1,000,000 and please continue the rewarding work.

  6. hermelinda March 2, 2021 at 5:08 pm - Reply

    It’s difficult to find experienced people about this subject, but you sound
    like you know what you’re talking about! Thanks

  7. Alvaro March 2, 2021 at 5:52 pm - Reply

    Hello! I’m at work surfing around your blog from my new iphone
    4! Just wanted to say I love reading your blog and look forward to all your posts!
    Keep up the great work!

Leave A Comment

Subscribe to our newsletter to receive security tips everday!