Credit card stealer discovered in social media buttons
Cyber-criminals have created a new type of web malware that hides inside images used for social media sharing buttons in order to steal credit card information entered in payment forms on online stores.
The malware, known as a web skimmer, or Magecart script, was spotted on online stores in June and September this year by Dutch security firm Sanguine Security (SanSec).
While this particular form isn’t widely deployed, its discovery suggests that Magecart gangs are constantly evolving their bag of tricks.
STEGANOGRAPHY AND MALWARE ATTACKS
At the technical level, this particular script uses a technique known as steganography. Steganography refers to hiding information inside another format (e.g., text inside images or images inside videos).
In the world of malware attacks, steganography is typically employed as a way to sneak malicious code past security scanners by placing the bad code inside seemingly innocent files.
In recent years, the most common form of steganography attack has been to hide malicious payloads inside image files, usually stored in PNG or JPG formats.
Malware gangs would add the malicious code inside the image; the image would then be downloaded to a host system, and the code would be extracted by another of the malware gang's components and executed.