A few days ago, we covered a new technique for stealing credit card information from online stores by manipulating Google Analytics code. But digital pickpockets do not rest, and they are constantly innovating.
According to an investigation by the cybersecurity company Malwarebytes, cybercriminals are turning to steganography (hiding text within images) to carry out their thefts.
The novelty is that they do it twice: first they inject malicious code (called a 'skimmer', like the devices used to clone cards) that is loaded from an image's metadata, and then they hide the stolen information in a second image.
Be wary of that favicon
In this case, they resort to a technique specifically designed to attack websites that use WooCommerce, the most popular e-commerce plugin for WordPress, the most popular CMS on the Internet. Its wide market share is what makes it an attractive target for cybercriminals.
Once loaded, the code waits for the user to key in their private payment-related information, and saves that information as obfuscated text. Then, it collects the text and forwards it to the attackers … hidden within a second image, to make detection difficult.
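One way a defender can check site images for the first stage described above, script code carried in image metadata. This is an added example, not code from Malwarebytes or from the campaign; it assumes the image is a JPEG, and the token list and sample files are constructed here for illustration.

```python
import re
import struct

# Script-like tokens that should never appear in image metadata (heuristic list, an assumption).
SCRIPT_TOKENS = re.compile(
    rb"eval\s*\(|atob\s*\(|String\.fromCharCode|new\s+Function|<script|document\.(?:cookie|forms)",
    re.IGNORECASE,
)

def jpeg_metadata_segments(data):
    """Yield (marker, payload) for APPn and COM segments that precede the image scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):  # start of scan / end of image: metadata is over
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:  # APP0..APP15 (EXIF is APP1) and COM
            yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def find_script_in_metadata(data):
    """Return [(marker_hex, [matched tokens])] for metadata segments that look like code."""
    findings = []
    for marker, payload in jpeg_metadata_segments(data):
        hits = sorted({m.group(0).decode("ascii", "replace").lower()
                       for m in SCRIPT_TOKENS.finditer(payload)})
        if hits:
            findings.append((f"0x{marker:02X}", hits))
    return findings

def _segment(marker, payload):
    """Build one JPEG segment (used only to construct the sample files below)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: a clean file, and one whose EXIF text carries inert script-like text.
_JFIF = _segment(0xE0, b"JFIF\x00\x01\x01")
CLEAN = b"\xff\xd8" + _JFIF + _segment(0xE1, b"Exif\x00\x00Copyright Example Shop") + b"\xff\xd9"
TAINTED = b"\xff\xd8" + _JFIF + _segment(0xE1, b'Exif\x00\x00Copyright eval("constructed-sample")') + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tainted", TAINTED)):
        print(name, find_script_in_metadata(blob))
```

A hit is a reason to inspect the file and the page that loads it, not proof of compromise; an empty result only means none of the listed tokens appeared in plain text.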
Let this serve as a reminder that malware can be hidden anywhere, using millions of tactics and from almost any device. That is why it is essential to take adequate precautions to keep our equipment safe.