Dynamically Loaded Skimmer
The PHP-based Skimmer Distribution Process
Magecart hackers launch the attack through a PHP-based web shell planted on the vulnerable website. They do so by replacing the legitimate shortcut icon tags with a path to a fabricated PNG file. Upon further investigation, researchers discovered the m1_2021_force directory, which holds additional code specific to credit card skimming.
Adoption of a Wide Range of Attack Vectors
To capture payment data, Magecart hackers have adopted a broad spectrum of attack vectors over the last few months. The cybercrime syndicate has stepped up its bid to compromise online stores. It conducts IDN homograph attacks to deliver web skimmers disguised as a favicon. It also conceals card stealer code within image metadata. On top of that, it uses Telegram and Google Analytics as exfiltration channels.
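A defender-side check for the two image tricks described above, the fabricated PNG that is really PHP and skimmer code hidden in image metadata. This is an added example, not code from the researchers or the original article; the marker list, the choice of PNG text chunks as the metadata location, and all sample files are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Markers that should never appear in a favicon (assumed list, not exhaustive).
MARKERS = (b"<?php", b"<?=", b"eval(", b"base64_decode", b"<script")


def has_marker(blob):
    low = blob.lower()
    return any(m in low for m in MARKERS)


def inspect_png(data):
    """Return findings for a file served or stored as a PNG."""
    if not data.startswith(PNG_SIG):
        return ["bad-signature"] + (["code-marker"] if has_marker(data) else [])
    findings, pos, complete = [], len(PNG_SIG), False
    while pos + 12 <= len(data) and not complete:
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        payload = data[pos + 8:pos + 8 + length]
        if len(payload) < length:
            break  # truncated chunk
        if ctype in (b"tEXt", b"iTXt") and has_marker(payload):
            findings.append("code-in-metadata:" + ctype.decode())
        pos += 12 + length  # length + type + payload + CRC
        complete = ctype == b"IEND"
    if not complete:
        findings.append("malformed-png")
    elif data[pos:].strip():
        findings.append("data-after-IEND")
    if has_marker(data):
        findings.append("code-marker")
    return findings


def png_chunk(ctype, payload):
    """Build a well-formed PNG chunk for the constructed samples below."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


# Constructed samples: a 1x1 PNG, the same with a script in a text chunk,
# and a PHP file merely named like an image. None carries a real payload.
HEAD = PNG_SIG + png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 6, 0, 0, 0))
TAIL = png_chunk(b"IDAT", zlib.compress(b"\x00" * 5)) + png_chunk(b"IEND", b"")
CLEAN_PNG = HEAD + TAIL
META_PNG = HEAD + png_chunk(b"tEXt", b"Comment\x00<script>/* constructed */</script>") + TAIL
FAKE_PNG = b"<?php /* constructed placeholder */ ?>"
```

Run `inspect_png` over the bytes of every image file in the webroot and over whatever the shortcut icon tag points to; any non-empty result is worth a manual look.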
Proactive security is the need of the hour when the online world is constantly on the radar of criminal elements. In such a scenario, online merchants are obliged to keep their stores up to date. Moreover, they need to maintain the trust buyers have placed in them. As a buyer, you need to exercise due diligence when shopping online. You also need to have security tools installed on your devices for a safer online experience.