The Malwarebytes team reported a new malicious campaign in which hackers exploit websites using homoglyph domains and favicons to steal credit card data. The hackers store their malicious code in the EXIF data of a favicon file, which is loaded along with the page to infect the site.
Hackers Exploit Favicons to Steal Card Data
Magecart attacks are on the rise, since most of us are restricted to home these days. The attacks involve infecting an e-commerce website with specially crafted malware to capture sensitive information such as buyers' credit card data and billing addresses. This identifiable and financial data is then resold in dark web groups or used for further attacks.
Security researchers surface newer versions of Magecart attacks now and then, and all of them share the trait of hiding malicious code in the metadata of the files being exploited. But in a new iteration of these attacks, found by the Malwarebytes team, the malicious script of the attackers' data-stealing malware is loaded into a favicon file!
Since favicon (.ico) files have EXIF meta tags, which provide more data fields than a general text file’s metadata, the hackers are exploiting this opportunity. They store the code in the “Copyright” field of the favicon file. Further, they operate this campaign by targeting domains that have homoglyph names, since these can be spoofed easily.
Researchers explained the incident with one attack, in which the actual “cigarpage.com” was breached and its favicon changed to the attackers' desired image, which was also planted as the favicon of their spoofing website at the domain “cigarpaqe.com”. This gives the fake website an added layer of authenticity.
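A defender-side check for the technique described above, as an added example that is not from Malwarebytes or the original article: it reads the EXIF Copyright field of an image and flags values that look like script rather than a copyright notice. It assumes the favicon is served as JPEG data with an EXIF APP1 segment; the function names, the marker list and the 200-byte length threshold are illustrative choices, and the sample image is constructed.

```python
import re
import struct

COPYRIGHT_TAG = 0x8298  # TIFF/EXIF tag id for "Copyright"
# Assumed heuristic: JavaScript markers that have no place in a copyright notice.
SCRIPT_HINTS = re.compile(rb"eval\s*\(|atob\s*\(|fromCharCode|<script|new\s+Function", re.I)

def ifd0_ascii_tag(tiff, wanted):
    """Return an ASCII tag value from the first IFD of a TIFF block, or None."""
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return None
    e = "<" if tiff[:2] == b"II" else ">"  # byte order declared by the header
    (ifd,) = struct.unpack(e + "I", tiff[4:8])
    if ifd + 2 > len(tiff):
        return None
    (count,) = struct.unpack(e + "H", tiff[ifd:ifd + 2])
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        if len(entry) < 12:
            return None  # truncated directory
        tag, typ, n = struct.unpack(e + "HHI", entry[:8])
        if tag == wanted and typ == 2:  # type 2 = ASCII
            (off,) = struct.unpack(e + "I", entry[8:12])
            data = entry[8:8 + n] if n <= 4 else tiff[off:off + n]
            return data.rstrip(b"\x00")
    return None

def exif_copyright(jpeg):
    """Walk JPEG segments up to start-of-scan and read the EXIF Copyright field."""
    pos = 2 if jpeg[:2] == b"\xff\xd8" else len(jpeg)
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (seg_len,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seg_len]
        if jpeg[pos + 1] == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return ifd0_ascii_tag(body[6:], COPYRIGHT_TAG)
        pos += 2 + seg_len
    return None

def suspicious(jpeg, max_len=200):
    """Flag a Copyright field that is script-like or implausibly long."""
    value = exif_copyright(jpeg)
    return value is not None and (len(value) > max_len or bool(SCRIPT_HINTS.search(value)))

def make_sample(text):
    """Constructed sample: SOI, one APP1/EXIF segment with only a Copyright tag, EOI."""
    data = text + b"\x00"
    tiff = b"II*\x00" + struct.pack("<IH", 8, 1)  # header, IFD at offset 8, 1 entry
    tiff += struct.pack("<HHII", COPYRIGHT_TAG, 2, len(data), 26) + b"\x00" * 4 + data
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Run `suspicious()` over the image assets a storefront serves, for example as part of a file-integrity or deployment check, and review any file it flags.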