
Cybercriminals are stealing card details by hiding code in images


A few days ago, we covered a new technique for stealing credit card information from online stores by manipulating Google Analytics code. But digital pickpockets do not rest, and they are constantly innovating.

According to an investigation by the cybersecurity company Malwarebytes, cybercriminals are turning to steganography (hiding text within images) in order to execute their robberies.

The novelty is that they do it twice: they first inject malicious code (called a 'skimmer', like the card-cloning devices) loaded into the image metadata, and then hide the stolen information in a second image.

Be wary of that favicon

In this case, they resort to a technique specifically designed to attack websites that use WooCommerce, the most popular e-commerce plugin for WordPress, the most popular CMS on the Internet. Its wide market share is what makes it a desirable target for cybercriminals.

Attackers use favicons (the icons displayed in the browser tab) to hide a malicious script written in JavaScript, causing the browser to run that script when it is loaded.

Once loaded, the code waits for the user to key in their private payment-related information, and saves that information as obfuscated text. Then, it collects the text and forwards it to the attackers, hidden within a second image to make detection difficult.


Let this serve as a reminder that malware can be hidden anywhere, using millions of tactics and from almost any device. That is why it is essential to take adequate precautions to keep our equipment safe.
