Hackers steal credit card data using malicious images

Recent technological advances have led to new variants of hacking and cyberattack. Over the past two years, information security firms and independent researchers have closely followed one of these new methods, known as a steganography attack, in which threat actors hide malicious code in apparently harmless images to inject malware into computer systems and email inboxes and steal sensitive data.

The security firm Malwarebytes performed a thorough analysis of an image used in a real attack. According to the company's report, the dangerous Magecart hacker group is the main operator of this attack variant worldwide, mainly targeting e-commerce sites.

As mentioned in previous information security reports, steganography is the method by which hackers hide fragments of JavaScript code designed to collect data on the target system.

Steganography has proven to be a really useful method for hackers, as antivirus scanning and detection tools only analyze HTML or JavaScript code and set image files aside because they take longer to analyze, which makes images an ideal place to hide malicious content.

One of the most commonly used methods for checking images for malicious code is to open them in a hex editor, which displays any additional data that was added to the image after the final segment. Malwarebytes information security experts detected multiple malware-laden websites that use steganography to attack victims, adding JavaScript snippets to the captions or Google Tag Manager. In addition, it was shown that attackers who use WebSocket to communicate with their server achieve even stealthier attacks. When the page loads, the malicious JavaScript code is activated and acts as a data exfiltrator, transferring the compromised information to the hackers.

A couple of weeks ago, the International Institute of Cyber Security (IICS) reported a malicious steganography campaign that used an image of popular singer Taylor Swift. The malware contained in that image was used to add devices to a gigantic botnet.