Security experts discovered that credit card skimmers are now using a new trickier malware that uses fake social media icons to trick online shoppers and e-commerce stores.

These hackers developed a new type of web malware that hides inside the small images of popular social media sites, such as Facebook, Instagram, YouTube, Messenger, LinkedIn, and more.

The new web malware allows cyber attackers to steal user's credit card information once they enter the payment forms on online stores. It's called a Magecart script or a web skimmer.

Sanguine Security or SanSec, a Dutch security firm, is the one that first discovered the new hacking method on online stores in June and September this year 2020.

"Online payment thieves developed a new method to hide payment skimmers in perfectly legitimate social media icons," said Joost Spanjerberg, a malware researcher at SanSec via Fox News.

Magecart gangs improving

Although the new method is not widely used by many hackers yet, the security researchers suggest that the Magecart gangs are constantly evolving their malware and other hacking tricks.

Also Read: Gionee Charged Guilty of Intentionally Infecting 20 Million Phones with Trojan Horse Malware for Profit

The new method uses a technique called steganography, which refers to hiding information inside another format such as images inside videos, texts inside images, and more. The most common form of steganography attacks is hiding malicious codes or malware inside image files.

Hackers are usually storing them in JPG or PNG formats. Once the malicious code is inside the image, the cybercriminals will download the photo on a host system.  According to ZDNet's latest report, it will be executed by another code of the malware gang's components.

Why skimmers use steganography

Most web-based skimmers use steganography because they are typically hidden or stored in JavaScript code and not inside image files.  And now, hackers are enhancing this method, with some being spotted using site logos, favicons, and product images to hide malicious malware or codes.

Because of the current adoption, many security researchers are now observing, checking, and analyzing image files as a place that find hidden web skimmer payloads or irregularities.

For more news updates about new hacking schemes, always keep your tabs open here at TechTimes.

Related Article: US Cybersecurity Agency Flags Vulnerabilities on Millions of Smart Devices Using Open-Source Software

This article is owned by TechTimes.

Written by: Giuliano de Leon.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion