fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hackers Hide Credit Card Stealing Script In Favicon Metadata

Hackers Hide Credit Card Stealing Script In Favicon Metadata

Credit cards

Hackers are always evolving their tactics to stay one step ahead of security companies. A perfect example of this is the hiding of malicious credit card stealing scripts in the EXIF data of a favicon image to evade detection.

A common attack used to steal credit cards is to hack the website and inject malicious JavaScript scripts that steal submitted payment information when a customer makes a purchase.

These stolen credit cards are then sent back to a server under the control of the threat actors where they are collected and used for fraudulent purchases or to sell on dark web criminal markets.

These types of attacks are called Magecart and have been used on websites for well-known companies such as Claire’sTupperwareSmith & WessonMacy’s, and British Airways.

Also read: 7 Client Data Protection Tips to Keep Customers Safe

Continually evolving to better steal your credit cards

In a new report by Malwarebytes, an online store using the WordPress WooCommerce plugin was found to be infected with a Magecart script to steal customer’s credit cards.

What made this attack stand out was that the scripts used to capture data from payment forms were not added directly to the site but were contained in the EXIF data for a remote site’s favicon image.

“The abuse of image headers to hide malicious code is not new, but this is the first time we witnessed it with a credit card skimmer,” Malwarebytes’ Jérôme Segura stated in the report.

When images are created, the developer can embed information such as the artist who created it, information about the camera, copyright info, and even the location of the picture.

This information is called the Exchangeable Image File Format (EXIF) data.

In this attack, the threat actors hacked a website and added what appears to be a simple script that inserts a remote favicon image and does some processing.

After further investigation, Malwarebytes discovered that this favicon, while appearing harmless, actually contained malicious JavaScript scripts embedded in its EXIF data, as shown in the image below.

Malicious scripts in EXIF data
Source: BleepingComputer

Once the favicon image was loaded into the page, the scripts added to the site by the hackers would load the image’s embedded malicious skimmer scripts.

Once these scripts were loaded, any credit card information submitted on checkout pages was sent back to the attackers where they could be collected at their leisure.

Credit card information being stolen
Credit card information being stolen
Source: Malwarebytes

As these malicious card stealing scripts are not contained on the hacked site itself, it is more difficult for security software or even web developers to notice that something may be wrong.

Malwarebytes was able to find the kit that was used to create and perform this magecart attack. After further analysis, it was determined that this attack might be linked to a threat actor group known as ‘Magecart 9’.

This group has been linked to other clever techniques in the past, such as the use of web sockets to evade detection.

Also read: Privacy policy template important tips for your business

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us