Categories: FinanceNews

Criminals Embed Credit Card Loggers In E-Commerce Product Images

Steganography is a powerful tool which allows anyone to hide specific information in images. Magento users may want to pay specific attention to configuring their site, as assailants will use their media library to embedded credit card swipers in sites. For anyone running an e-commerce platform, this is a major security concern.

Criminals Once Again Use Steganography For Malicious Purposes

The art of steganography is often underestimated, even though it offers a lot of potential. By using this technology anyone in the world can hide information within public images. A hidden message or specific code are often hidden with steganography.  Criminals, though, are taking things to the next level, by looking to record credit card information using images on e-commerce websites.

These credit card scrapers consist of bits of malicious code which are embedded in logos or product images. This code will auto-execute whenever the image is loaded and collect credit card numbers as well as login details. Anyone running an e-commerce shop on the Magento CDN platform is more susceptible to these attacks for some reason.

What is rather interesting is how the recorded credit card information could be stored in images where they are hidden in plain sight. One such image was recently uncovered in the wild, which means attackers don’t need to access the backend of an e-commerce platform in order to retrieve the recorded information.



Related Post

To make matters worse, most e-commerce site owners wouldn’t even notice that something malicious is going on. The images work and load just as expected, and on the surface there is nothing wrong with them. To determine whether or not the images are legitimate, one would have to look at the source code of the image file itself.

In this day and age, malware can be found around every corner of the Internet. Unfortunately, that also means that malicious code is embedded within images on sites that are absolutely legitimate. One simply can’t trust any image on the Internet anymore, as it may be using steganography to hide code that logs sensitive user information .

Keeping in mind how over 240,000 e-commerce stores around the world use the Magento platform, this malware threat should be taken very seriously. Not too long ago, Magento sites were subject to the KincilWare ransomware, which would encrypt website files. It seems criminals are purposefully targeting this platform because of   its security flaws, which is not a positive sign for the future.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Altcoin Alert: Crypto Market Cap Breaches Key Level Hinting at an 8000x Rally for this Shiba Inu Killer

Shiba Inu (SHIB) gave enormous returns in 2021, making many early holders millionaires. After the…

2 hours ago

XRP Crash? XRP Falls Below $0.5 Resistance Level as Next Gen Altcoin JetBolt Takes Over

Spooky season might be over but doom is still looming as Ripple’s XRP falls below…

5 hours ago

This New Exchange Token Is Poised for a Price Surge Alongside Cardano and Avalanche – Analysts Predict Huge Gains This November

Three promising altcoins are causing a stir among investors this November: Avalanche (AVAX), Cardano (ADA),…

5 hours ago

With Dogecoin Dipping and TRON Holding, Is Lunex the Hottest Crypto Now?  

Everyone knows what the hottest crypto can do. When it was so hot it was…

6 hours ago

Tron Fees To Be Cut In Half Through Proposal 95, Cutoshi Surpasses $600k As TRX Investors Join CUTO Presale

The Tron network has witnessed incredible growth in several areas, especially in its adoption, which…

7 hours ago

$Pepe Whale Sell-Off And Fund Transfers Stir Volatility In Meme Coin Market

Recently, major $PEPE holder Flow Traders transferred 520 billion $PEPE tokens—worth approximately $4.73 million—from address…

15 hours ago