Web Skimmer — Attack Using Social Media Buttons


Hackers have found a new way to attack e-commerce stores and online shoppers and steal credit card details.

Steganography, Web Skimmer Attack

Steganography — hiding information inside another format (e.g., text inside images, images inside videos), or placing malicious code inside seemingly innocent files.

Skimming — an illegal practice used to capture credit card information from a cardholder surreptitiously.

In the physical world, fraudsters often use a device called a skimmer that can be installed at gas pumps or ATMs to collect card data.

Recently, criminals have turned to a new kind of web malware that hides inside the images used for social media sharing buttons in order to steal credit card information entered in payment forms on online stores.


Malicious Code Hidden in SVG Images

This year, Dutch security firm Sanguine Security (SangSec) spotted the malware, known as a web skimmer or Magecart script, on online stores.

In past years, steganography attacks hid malicious payloads inside image files, usually in PNG or JPG format.

But as steganography use grew, security firms also started looking at and analyzing image files, where they could find irregularities or hidden web skimmer payloads.

In recent attacks, the malicious code wasn’t hidden inside PNG or JPG files but in SVG files.

Scalable Vector Graphics (SVG) is a file format that allows displaying vector images on a website.

However, the threat actors were very clever when they designed their payload.

“The malicious payload assumes the form of an HTML <svg> element, using the <path> element as a container for the payload. The payload itself is concealed utilizing syntax that strongly resembles correct use of the <svg> element,” SangSec said in a report last week.

In June, SangSec found malware gangs testing this technique; in September, it found the technique in use on live e-commerce sites.

The malicious payload was hidden inside social media sharing icons for sites like Google, Facebook, Twitter, Instagram, YouTube, and Pinterest.
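For store owners, one defensive check that follows from the description above is to audit every <path> element in a page template and flag any whose "d" attribute does not parse as real SVG path data. The script below is an added example, not SangSec's tooling; it assumes the concealed content sits in the "d" attribute, and the element ids and sample markup are constructed.

```python
import re
from html.parser import HTMLParser

# Argument count per SVG path command (SVG 1.1 path-data grammar).
ARITY = {"M": 2, "L": 2, "T": 2, "H": 1, "V": 1, "C": 6, "S": 4, "Q": 4, "A": 7, "Z": 0}
NUMBER = re.compile(r"[-+]?(?:\d+\.?\d*|\.\d+)(?:[eE][-+]?\d+)?")

def path_data_problem(d):
    """Return None if d parses as SVG path data, otherwise a short reason."""
    pos, cmd, argc = 0, None, 0
    def complete():  # has the current command received whole argument groups?
        n = ARITY.get(cmd)
        return cmd is None or (argc == 0 if n == 0 else argc > 0 and argc % n == 0)
    while pos < len(d):
        ch = d[pos]
        if ch in " \t\r\n,":
            pos += 1
        elif ch.isascii() and ch.upper() in ARITY:
            if cmd is None and ch not in "Mm":
                return "path data does not start with a moveto"
            if not complete():
                return f"wrong argument count for {cmd}"
            cmd, argc, pos = ch.upper(), 0, pos + 1
        elif cmd == "A" and argc % 7 in (3, 4) and ch in "01":
            argc, pos = argc + 1, pos + 1  # arc flags are single digits
        else:
            m = NUMBER.match(d, pos)
            if m is None or cmd is None:
                return f"unexpected character {ch!r} at offset {pos}"
            argc, pos = argc + 1, m.end()
    return None if complete() else f"wrong argument count for {cmd}"

class SvgPathAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, reason)
    def handle_starttag(self, tag, attrs):
        reason = path_data_problem(dict(attrs).get("d") or "") if tag == "path" else None
        if reason:
            self.findings.append((self.getpos()[0], reason))

def audit(html):
    auditor = SvgPathAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: line 1 is a normal icon, line 2 carries non-path text in "d".
SAMPLE = """<svg id="share_a" viewBox="0 0 24 24"><path d="M2 2h20v20H2z"/></svg>
<svg id="share_b" viewBox="0 0 24 24"><path d="M2 2L9 9 aGVsbG8gd29ybGQ="/></svg>"""
```

Calling audit(SAMPLE) returns one finding for line 2. A payload encoded entirely as well-formed path data would pass this check, so treat it as one signal alongside file-integrity monitoring of checkout templates.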

Security Recommendation

On infected stores, once users accessed the checkout page, a secondary component (called a decoder) would read the malicious code hidden inside the social sharing icons and then load a keylogger that recorded and exfiltrated card details entered in the payment form.

The simplest way to protect yourself from web skimmer attacks is to use virtual cards designed for one-time payments.

December 8th, 2020 | Internet Security

About the Author:

FirstHackersNews- Identifies Security

One Comment

  1. altyazili izle December 10, 2020 at 9:25 am - Reply

    I'm obliged for the blog. Much thanks again. Really Cool. Morgen Jozef Zoldi
