Credit card theft software in social media buttons |
Cyber criminals have created a new type of online malware hidden in pictures of social media buttons to steal credit card information that is entered into payment methods in electronic stores.
The malware was discovered in online stores called WebSharers or Magecart Scripts between June and September. Sanguine Security, a Dutch information security company, was the first to discover it.
Although not much has been reported about this type of malware, the results indicate that the Magecart Group is constantly working hard to develop its malicious technologies.
Technically, the malware it detects uses a technique called "masking." This technique refers to hiding information in another format, for example b- Hiding text in an image.
In a world of malware attacks, the information protection method is usually used to hide malicious code from antivirus programs by placing malicious code in files that appear free of viruses.
In recent years, the most popular form of an steganography attack has been to hide malicious payloads in image files, usually saved in PNG or JPG format.
In the area of malware called Magecart scripts, it is possible to hide information as most of these programs are usually hidden in JavaScript code rather than image files.
After past cloaking attacks used website logos, product images, or favorite icons to hide malware payloads, this technology slowly found its way into Magecart's script suite.
For those looking to protect themselves from this type of malware, users have few options to choose from because this type of code is usually invisible to them and difficult to see even for professionals. In the.
It is believed that the easiest way for shoppers to protect themselves from Magecart scripts is to use virtual cards designed for one-time payments.
Some banks or payment apps currently offer these cards. This is the best way to deal with this malware on the Internet. Even if the attacker manages to record the details of the transaction, the credit card information will not be of use because it is all generated at once.