Hackers have found a new way to steal consumers’ payment details online, but this time it involves images files and a common e-commerce WordPress plugin…
Practically every adult knows to look over ATMs and gas station credit card readers for skimmers. These are physical devices which grab payment details, store that information, and are then transferred to a gift card or expired credit or debit card. The criminal can go on a spending spree thereafter. But now, hackers are exploiting website payment portals by inserting malicious code into seemingly innocuous images.
Hackers Exploiting Image File Metadata to Steal Credit Card Information
Malwarebytes has released some findings from its research, which determined hackers put Magecart JavaScript code into the EXIF metadata of image files. While hiding malicious code in images isn’t new, what is new is the creation of a virtual credit card skimmer used to steal payment details.
Hackers have also put their malicious code in to the WooCommerce plugin for WordPress. When it loads to process a transaction, it siphons off the payment information, such as the customer’s name, address, as well as credit or debit card details. Malwarebytes writes on its official blog:
“We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores. This scheme would not be complete without yet another interesting variation to exfiltrate stolen credit card data. Once again, criminals used the disguise of an image file to collect their loot.”