Hackers hide credit card stealing scripts in favicon EXIF data

Totally sneaky…I have a grudging admiration for these guys…:

[…] In a new report by Malwarebytes, an online store using the WordPress WooCommerce plugin was found to be infected with a Magecart script to steal customer’s credit cards.

What made this attack stand out was that the scripts used to capture data from payment forms were not added directly to the site but were contained in the EXIF data for a remote site’s favicon image.

“The abuse of image headers to hide malicious code is not new, but this is the first time we witnessed it with a credit card skimmer,” Malwarebytes’ Jérôme Segura stated in the report.

[…]

Original article here