Home Cyber Attack Magecart Targets Online Stores By Hiding Behind Social Media Buttons
Cyber AttackHacking NewsLatest Cyber Security News | Network Security HackingNews

Magecart Targets Online Stores By Hiding Behind Social Media Buttons

by Abeerah Hashim
written by Abeerah Hashim

As the holiday season approaches, people need to be even more vigilant during online shopping. That too, while sharing their purchases with their friends on social media. Researchers have found a new malware campaign that hides Magecart skimmers behind legit-looking social media buttons.

Magecart Skimmers Exploiting Social Media Buttons

Dutch cybersecurity firm Sansec has recently caught a card skimmer campaign in the wild. As elaborated in their blog post, the new campaign hides Magecart skimmers behind social media buttons to evade detection.

The attack strategy basically makes use of steganography – a technique involving the concealment of information inside images. In the case of cyber attacks, the threat actors hide malicious codes behind seemingly harmless images to trick users.

Sansec team noticed the use of steganography by the threat actors to hide Magecart skimmers behind images impersonating social media icons. As observed, the first part of the attack involves specific SVG files that include malicious payload.

The malicious payload assumes the form of an html <svg> element, using the <path> element as a container for the payload. The payload itself is concealed utilizing syntax that strongly resembles correct use of the <svg> element. To complete the illusion of the image being benign, the malware’s creator has named it after a trusted social media company.

Whereas, the second part of the attack involves a decoder that executes the payload.

The trickiest feature of this attack strategy is that the attackers can place the two components in different places on a website. Hence, it becomes difficult to detect the two components and know the presence of skimmers. Even upon detecting the strange SVG formats, it’ll be difficult to figure out its purpose.

Shop Safely

The researchers first noticed similar malware in June 2020. However, the attack maintained a low-profile infecting only 1 with functional malware (both components) out of the 9 detected websites.

Hence, they suspect the initial campaign to be a test case leading to a functional campaign that began in September 2020.

Since the malware is already in the wild, all users must ensure employing safety tips while shopping online.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses