Articles Hackers hide web skimmers in social media buttons

Hackers hide web skimmers in social media buttons


Sanguine Security analysts have discovered that attackers are using steganography and hiding MageCart skimmers in buttons designed to publish content on social networks.

Let me remind you that initially the name MageCart was assigned to one hack group, which was the first to introduce web skimmers (malicious JavaScript) on the pages of online stores to steal bank card data. But this approach turned out to be so successful that the group soon had numerous imitators, and the name MageCart became a household name, and now they denote a whole class of such attacks.

Steganography means hiding information within another format (for example, text within images, images within videos, and so on). In recent years, the most common form of steganographic attacks has been hiding malicious payloads within image files, usually in PNG or JPG formats. Operators of web skimmers also did not stay away from this trend and hid their malicious code in website logos, product images or in the  favicon of infected resources.

Sanguine Security experts now write that SVG files, rather than PNG or JPG files, are used in new attacks to conceal malicious code. Most likely, this is due to the fact that recently, protective solutions have become better at detecting skimmers in ordinary pictures.

In theory, it should be easier to detect malicious code in vector images. However, the researchers write that attackers are smart and designed their payload with these nuances in mind.

“The malicious payload takes the form of an HTML <svg> element using the <path> element as a container for the payload. The payload itself is hidden using syntax that resembles the correct use of the <svg> element, ”reads the expert report.

According to experts, hackers tested this technique back in June, and it was discovered on active e-commerce sites in September, with malicious payloads hidden inside buttons designed to publish content on social networks (Google, Facebook, Twitter, Instagram, YouTube, etc. Pinterest).

In infected stores, as soon as users navigated to the checkout page, a secondary component (called a decoder) read the malicious code hidden inside social media icons and then downloaded a keylogger that would capture and steal bank card information from the checkout form.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you