Hackers Are Using Website Favicon to Steal Credit Card Informations

Hackers are trying various new tactics and strategies to unknowingly steal pieces of information like credit card data. One such new method has been spotted by a popular cybersecurity research company, Malwarebytes.

Images have this option where one can store information like the date when the photo was taken, location information, the camera used, camera settings, etc. This is called EXIF Data (Exchangeable Image File Format).

From the sample spotted by the researcher, they were able to find a malicious javascript injected into the copyright section of EXIF data of the image.

This script injected favicon was not directly used on the website, making it harder for anyone to spot. Instead, it was active on a remote website.

Once the favicon image of the page is loaded, the script hidden in the image will become active. It collected the credit card information from the checkout page where the user definitely needs to enter the credit card details in order to proceed with the purchase.

Source: BleepingComputer

Soon after the user makes the payment, the favicon script will steal the credit card information and then sent it to the bad actors here.

This sort of attack was first spotted on a WordPress based website with WooCommerce plugin activated.

This is some kind of new attack employed by attackers to steal user information by making it so natural. One could not find any anomaly with the website as the script is hidden inside the favicon image.

The details regarding the exact team behind the attack are still not known. But as per the speculation of BleepingComputer, it might be linked to “Magecart 9”. This group has been earlier spotted trying new techniques to make it harder for people to find the script.

Source: Bleeping Computer

Astro K Joseph
I am Astro and here at IPEE World I write about various Technology content including News, Guides, and Reviews