Hackers have found a new way to attack e-commerce stores and online shoppers and steal credit card details.
Steganography, Web Skimmer Attack
Steganography: hiding information inside another format (e.g., text inside images, images inside videos), or placing malicious code inside seemingly innocent files.
Skimming: an illegal practice used to surreptitiously capture credit card information from a cardholder.
Fraudsters often use a device called a skimmer, which can be installed at gas pumps or ATMs, to collect card data.
Recently, criminals have deployed a new kind of web malware that hides inside the images used for social media sharing buttons in order to steal credit card information entered in payment forms on online stores.
Malicious Code Hidden in SVG Images
Over the past years, steganography attacks have hidden malicious payloads inside image files, usually in PNG or JPG format.
But as steganography use grew, security firms also started inspecting and analyzing image files, where they could find irregularities or hidden web skimmer payloads.
In recent attacks, the malicious code wasn’t hidden inside PNG or JPG files but in SVG files.
SVG (Scalable Vector Graphics) is a file format for displaying vector images on a website.
However, the threat actors were very clever when they designed their payload.
“The malicious payload assumes the form of an HTML <svg> element, using the <path> element as a container for the payload. The payload itself is concealed utilizing syntax that strongly resembles correct use of the <svg> element,” Sansec said in a report last week.
The company found malware gangs testing this technique in June and saw it on live e-commerce sites in September.
In those attacks, the malicious payload was hidden inside social media sharing icons for sites like Google, Facebook, Twitter, Instagram, YouTube, and Pinterest.
On infected stores, once users accessed the checkout page, a secondary component (called a decoder) would read the malicious code hidden inside the social sharing icons and then load a keylogger that recorded and exfiltrated card details entered in the payment form.
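A defender-side check for the hiding place described above, added here as an example (it is not code from the report or from this article): it walks a page's `<path>` elements and flags any whose `d` attribute does not parse as SVG path data, or that contain text. That the hidden data sits in `d` or in the element's text is an assumption; `valid_path_data`, `PathAuditor`, `audit` and `SAMPLE` are names made up for this example.

```python
import re
from html.parser import HTMLParser
ARGS = {"M": 2, "L": 2, "T": 2, "H": 1, "V": 1, "C": 6, "S": 4, "Q": 4, "A": 7, "Z": 0}
NUM = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?")
FLAG, SEP = re.compile(r"[01]"), re.compile(r"[\s,]*")  # arc flags; separators

def valid_path_data(d):
    """True if d parses as SVG path data: known commands, complete argument groups."""
    pos = SEP.match(d).end()
    while pos < len(d):
        cmd = d[pos].upper()
        if cmd not in ARGS:
            return False
        pos, count, n = pos + 1, 0, ARGS[cmd]
        while True:  # consume this command's arguments
            pat = FLAG if cmd == "A" and count % 7 in (3, 4) else NUM
            m = pat.match(d, SEP.match(d, pos).end())
            if not m:
                break
            pos, count = m.end(), count + 1
        if (count == 0) != (n == 0) or (n and count % n):
            return False  # missing, extra or incomplete argument group
        pos = SEP.match(d, pos).end()
    return True

class PathAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.in_path = [], False  # findings: (line, reason)
    def handle_starttag(self, tag, attrs):
        if tag == "path":
            self.in_path = True
            if not valid_path_data(dict(attrs).get("d") or ""):
                self.findings.append((self.getpos()[0], "d is not valid path data"))
    def handle_endtag(self, tag):
        self.in_path = self.in_path and tag != "path"
    def handle_data(self, data):
        if self.in_path and data.strip():  # geometry elements should hold no text
            self.findings.append((self.getpos()[0], "text inside <path>"))

def audit(html):
    parser = PathAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings
# Constructed sample (placeholders only): one clean icon, two anomalous ones.
SAMPLE = """<svg id="a"><path d="M12 2a10 10 0 100 20 10 10 0 000-20z"/></svg>
<svg id="b"><path d="M0 0 CONSTRUCTED_PLACEHOLDER_NOT_PATH_DATA"/></svg>
<svg id="c"><path d="M0 0h24v24H0z">constructed placeholder text</path></svg>"""
```

Because the payload is described as strongly resembling correct syntax, a clean result here is a triage signal rather than proof that an icon is untouched; comparing icon files against known-good copies remains the stronger check.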
The simplest way to protect yourself from web skimmer attacks is to use virtual cards designed for one-time payments.