SoylentNews is people

posted by Fnord666 on Monday June 29 2020, @05:19PM
from the watch-what-you-look-at dept.

Credit card skimmers are now being buried in image file metadata on e-commerce websites:

The attack is a variation that uses favicons, but with a twist. Malicious code was tracked back to a malicious domain, cddn[.]site, that is loaded via a favicon file. While the code itself did not appear malicious at first glance, a field called "Copyright" in the metadata field loaded the card skimmer using an[sid] header tag, specifically via an HTML onerror event, which triggers if an error occurs when loading an external resource.

When loaded onto a compromised website, the JavaScript grabs input from fields used to submit payment information, including names, billing addresses, and card details.

The Magecart group obfuscated the code within the EXIF[*] data and, unusually, does not simply send the stolen data as text to a command-and-control server (C2). Instead, the collected data is also sent as image files via POST requests.

"The threat actors probably decided to stick with the image theme to also conceal the exfiltrated data via the favicon.ico file," the researchers say.

It is thought that Magecart Group 9 is to blame, due to links made by security researcher @AffableKraut to domains and registrars also hosting scripts using the EXIF technique.

[*] EXIF: Exchangeable image file format.
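The technique described above hides script in an EXIF text field (Copyright) where only attribution text belongs, so one defensive check is to parse the EXIF IFD of images served from your own site and flag ASCII tags that contain JavaScript markers. The following is an added example, not code from the article or from the researchers it cites: it builds a constructed Exif segment in memory (the tag ids come from the TIFF/EXIF specification; the script-marker regex and the sample values are my own choices), parses IFD0 just far enough to read the ASCII tags, and reports which ones look like code.

```python
"""Flag script-like content in EXIF ASCII tags such as Copyright.

Added example (not from the article). The Exif blobs below are constructed
in memory so the check runs offline; swap in the APP1 payload of a real
favicon or product image to scan your own assets.
"""
import re
import struct

# Tag ids from the TIFF/EXIF specification; 0x8298 is Copyright.
ASCII_TAGS = {
    0x010E: "ImageDescription",
    0x0131: "Software",
    0x013B: "Artist",
    0x8298: "Copyright",
}

# Heuristic markers of JavaScript in what should be plain attribution text.
# The pattern set is an assumption for this demo, not a complete rule.
SCRIPT_MARKERS = re.compile(
    r"(<script|onerror\s*=|\beval\s*\(|\batob\s*\(|\bdocument\.|\bwindow\."
    r"|function\s*\(|=>)",
    re.IGNORECASE,
)


def build_exif(ascii_tags):
    """Construct a minimal little-endian Exif segment with only ASCII tags.

    Used here to make sample input; the parser below does not depend on it.
    """
    header = b"II" + struct.pack("<HI", 42, 8)  # byte order, magic, IFD0 offset
    n = len(ascii_tags)
    ifd_size = 2 + 12 * n + 4                   # count + entries + next-IFD ptr
    data_offset = 8 + ifd_size                  # out-of-line values go after IFD0
    entries = b""
    data = b""
    for tag, text in sorted(ascii_tags.items()):
        value = text.encode("ascii") + b"\x00"  # ASCII type is NUL-terminated
        count = len(value)
        if count <= 4:                           # short values live inline
            entries += struct.pack("<HHI", tag, 2, count) + value.ljust(4, b"\x00")
        else:                                    # long values are pointed to
            entries += struct.pack("<HHII", tag, 2, count, data_offset + len(data))
            data += value
    ifd = struct.pack("<H", n) + entries + struct.pack("<I", 0)
    return b"Exif\x00\x00" + header + ifd + data


def parse_ascii_tags(exif):
    """Return {tag_name: value} for the known ASCII tags found in IFD0."""
    if exif.startswith(b"Exif\x00\x00"):
        exif = exif[6:]
    order = exif[:2]
    if order == b"II":
        end = "<"
    elif order == b"MM":
        end = ">"
    else:
        raise ValueError("not a TIFF header")
    magic, ifd0 = struct.unpack(end + "HI", exif[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic")
    (n,) = struct.unpack(end + "H", exif[ifd0:ifd0 + 2])
    found = {}
    for i in range(n):
        off = ifd0 + 2 + 12 * i
        tag, typ, count, raw = struct.unpack(end + "HHI4s", exif[off:off + 12])
        if typ != 2 or tag not in ASCII_TAGS:   # type 2 = ASCII
            continue
        if count <= 4:
            value = raw[:count]
        else:
            (ptr,) = struct.unpack(end + "I", raw)
            value = exif[ptr:ptr + count]
        found[ASCII_TAGS[tag]] = value.rstrip(b"\x00").decode("ascii", "replace")
    return found


def suspicious_tags(exif):
    """Names of ASCII tags whose value matches a script marker, sorted."""
    return sorted(
        name for name, val in parse_ascii_tags(exif).items()
        if SCRIPT_MARKERS.search(val)
    )


# Constructed samples: one ordinary attribution, one carrying code-like text.
BENIGN = build_exif({0x8298: "Copyright 2020 Example Shop", 0x010E: "abc"})
SUSPECT = build_exif({0x8298: "Copyright; eval(atob('Li4u'))", 0x0131: "demo"})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, parse_ascii_tags(blob), "->", suspicious_tags(blob))
```

Running the block prints an empty list for the benign sample and `['Copyright']` for the constructed suspect one. In practice you would run this over the APP1 segment of every image under your document root (and over any image a third-party script asks the browser to fetch) and treat a hit as a signal to pull the file and compare it against the copy in version control, since a legitimate Copyright string never needs `eval` or an `onerror` handler.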


  • (Score: 2) by Bot on Monday June 29 2020, @05:30PM (7 children)

    by Bot (3902) on Monday June 29 2020, @05:30PM (#1014171) Journal

    >using an[sid][sic]

    Anyway, a virtual debit card with numbers and limits unique to any transaction help limit the risks.

    --
    Account abandoned.
  • (Score: 1, Touché) by Anonymous Coward on Monday June 29 2020, @05:37PM

    by Anonymous Coward on Monday June 29 2020, @05:37PM (#1014175)

    Federal law limits my risk, which is then nullified by voluntary agreements of the issuer.

  • (Score: 0, Offtopic) by fustakrakich on Monday June 29 2020, @05:41PM

    by fustakrakich (6150) on Monday June 29 2020, @05:41PM (#1014177) Journal

    Good ol' one time pad.

    It is the only encryption that actually works

    :-) an "ess-eye-dee"

    --
    Politics and criminals are the same thing.
  • (Score: 2) by DannyB on Monday June 29 2020, @06:30PM (3 children)

    by DannyB (5839) Subscriber Badge on Monday June 29 2020, @06:30PM (#1014198) Journal

    > loaded the card skimmer using an[sid][sic] header tag

    That's sick.

    --
    Is there a chemotherapy treatment for excessively low blood alcohol level?
    • (Score: -1, Offtopic) by Anonymous Coward on Monday June 29 2020, @07:00PM (2 children)

      by Anonymous Coward on Monday June 29 2020, @07:00PM (#1014216)

      Kelloggs Corn Flakes, big, yeah, yeah, yeah, they're not small, no, no, no!

      That was Honeycomb.

      • (Score: 0, Offtopic) by Anonymous Coward on Monday June 29 2020, @09:19PM

        by Anonymous Coward on Monday June 29 2020, @09:19PM (#1014256)

        Honeycomb's big? Yeah yeah yeah.
        It's not small? No, no, no.
        Honeycomb's got a big big bite!
        Big big taste in a big big bite!

      • (Score: 2) by DannyB on Tuesday June 30 2020, @05:19PM

        by DannyB (5839) Subscriber Badge on Tuesday June 30 2020, @05:19PM (#1014584) Journal

        No, um, they're Guuuuuuureat!

        --
        Is there a chemotherapy treatment for excessively low blood alcohol level?
  • (Score: 0) by Anonymous Coward on Tuesday June 30 2020, @10:05AM

    by Anonymous Coward on Tuesday June 30 2020, @10:05AM (#1014438)

    It's a fantastic idea, but we don't have them here.
    Also, retailers reject transactions that don't hand over the person's postcode and other private details.