Hackers use the Fake Image Hosting Website

What is said to be one of the most creative hacking technique to date, a group of hackers made a fake image hosting website to use it as a disguise for their web skimming operations. The aim is to deploy harmful codes that will steal payment card credentials from users via infected websites. The cybersecurity experts refer to this technique as e-skimming, web skimming, or Magecart attack. In this operation, the hackers attack a website, insert malicious codes in the webpages.

The malicious codes are responsible for stealing payment credentials when the users enter the details during the checkout form. The skimming attacks have been on the rise for the last four years. The cybersecurity experts have advanced in identifying the web skimming attacks, but so have been the hackers, as they are coming up with more sophisticated techniques.

Hackers used a fake image hosting website

According to a report published by Malwarebytes, a US-based cybersecurity firm, the experts have discovered a new group of hackers that have taken this technique to a whole different level. The group, according to Malwarebytes, was found while the experts were investigating a range of unfamiliar cyberattacks. In the investigation, the hackers noticed that only the Favicon was modified on the website, which is the logo icon displayed on browser tabs. “This latest case started with an image file displayed on the browser’s tab often used for branding or identifying a website, also known as a favicon. While reviewing our crawler logs, we noticed requests to a domain called myicons[.]net hosting various icons and, in particular, favicons. Several e-commerce sites were loading a Magento favicon from this domain,” says the report of Malwarebytes.

The hackers responsible behind this attack surely went some extra miles, as the codes were sophistically hidden. But, web skimming attacks, sooner or later, are bound to be found. “Given the decoy icons domain registration date, this particular scheme is about a week old but is part of a more significant number of ongoing skimming attacks. The goal remains to deceive online shoppers while staying under the radar from website administrators and security scanners,” says Malwarebytes.