Hackers are trying various new tactics and strategies to steal pieces of information like credit card data without victims noticing. One such new method has been spotted by a popular cybersecurity research company, Malwarebytes.
Image files can store metadata such as the date the photo was taken, location information, the camera used, camera settings, etc. This is called EXIF data (Exchangeable Image File Format). In this attack, the card-stealing script was hidden in the EXIF data of a favicon image.
This script-injected favicon was not used directly on the website, making it harder for anyone to spot. Instead, it was served from a remote website.
Once the favicon image of the page is loaded, the script hidden in the image becomes active. It collects the credit card information from the checkout page, where the user has to enter credit card details in order to proceed with the purchase.
Soon after the user makes the payment, the favicon script steals the credit card information and sends it to the bad actors.
This sort of attack was first spotted on a WordPress-based website with the WooCommerce plugin activated.
This is a new kind of attack that steals user information while the website appears to behave normally. A visitor would not find any anomaly on the website, as the script is hidden inside the favicon image.
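One way a site owner could check an image for this kind of hidden script, as an added example that is not code from Malwarebytes or from the original article: it walks the EXIF text fields of a JPEG and flags values that look like JavaScript. The JPEG format, the marker list, and the constructed sample image with its tag 0x8298 are assumptions made for the example.

```python
import re
import struct

# Heuristic JavaScript markers (an assumed starting list; tune for your own site).
SUSPICIOUS = re.compile(rb"eval\s*\(|atob\s*\(|fromCharCode|<script|document\.", re.I)

def exif_segments(jpeg: bytes):
    """Yield the TIFF body of each APP1/Exif segment that precedes the image data."""
    pos = 2 if jpeg[:2] == b"\xff\xd8" else len(jpeg)
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2:
            return  # malformed segment, stop walking
        body = jpeg[pos + 4:pos + 2 + length]
        if jpeg[pos + 1] == 0xE1 and body.startswith(b"Exif\x00\x00"):
            yield body[6:]
        pos += 2 + length

def ascii_tags(tiff: bytes) -> dict:
    """Return {tag_id: raw_text} for the ASCII (type 2) entries of IFD0."""
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return {}
    e = "<" if tiff[:2] == b"II" else ">"
    magic, ifd = struct.unpack(e + "HI", tiff[2:8])
    if magic != 42 or ifd + 2 > len(tiff):
        return {}
    (n,) = struct.unpack(e + "H", tiff[ifd:ifd + 2])
    out = {}
    for i in range(n):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        if len(entry) < 12:
            break
        tag, typ, count, off = struct.unpack(e + "HHII", entry)
        if typ == 2:  # short strings sit inline in the entry, longer ones at an offset
            out[tag] = entry[8:8 + count] if count <= 4 else tiff[off:off + count]
    return out

def scan(jpeg: bytes) -> list:
    """Return the sorted tag ids whose text looks like script rather than metadata."""
    return sorted({t for tiff in exif_segments(jpeg)
                   for t, v in ascii_tags(tiff).items() if SUSPICIOUS.search(v)})

def make_jpeg(text: bytes) -> bytes:
    """Constructed sample: SOI, one Exif segment with tag 0x8298 (len(text) > 3), EOI."""
    val = text + b"\x00"
    tiff = b"MM\x00\x2a" + struct.pack(">IH", 8, 1)
    tiff += struct.pack(">HHII", 0x8298, 2, len(val), 26) + b"\x00" * 4 + val
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Calling `scan()` on the bytes of each image a checkout page loads returns the EXIF tag ids worth a manual look; an empty list means no text field matched the markers.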
The exact team behind the attack is still not known. But as per the speculation of BleepingComputer, it might be linked to “Magecart 9”. This group has earlier been spotted trying new techniques to make it harder for people to find the script.
Source: Bleeping Computer