Hackers hiding cred-card skimmers in Image metadata online

Crims finding ever more ingenious ways to part you from your hard-earned cash

Over the years we have probably all become accustomed to watching out for credit card skimmers at ATMs.

Small devices are hidden into the machine and generally covered up in some way so that the unaware or distracted accidentally end up handing over their card details to the bad guys.

Times move on though and now it seems we are facing the prospect of ‘virtual’ card skimmers tucked away in the metadata of image files on compromised online storefronts.

Security company Malwarebytes blogged that they had found a web skimmer hiding in the EXIF file (the file that accompanies an image and provides details on exposure, camera type, focal range, and the like).

“We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores. This scheme would not be complete without yet another interesting variation to exfiltrate stolen credit card data. Once again, criminals used the disguise of an image file to collect their loot.

During this research, we came across the source code for this skimmer which confirmed what we were seeing via client-side JavaScript. We also identified connections to other scripts based on various data points.”

The sites identified all use the incredibly popular webstore app WooCommerce as increasingly coming under threat from the exploit.

The Malwarebytes blog is pretty technically intense but serves as a warning we need to be increasingly vigilant. Chances are we wouldn’t even routinely notice anything suspicious here but it should be a nudge to keep a close eye on our bank transactions and report any unusual activity immediately. Things like suspicious small amounts being removed. Criminals generally like to check the account works before cleaning it out.

Let’s keep our eyes open out there.

You might like this

If you're using the Thingiverse platform, it's probably worth resetting those passwords
Celebrating Seven Years Of The Windows Insider Program
Have a PS5 Error Code? No Worries!

Share this article

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Managing Editor
at
PC guide
Been around consoles and computers since his parents bought him a Mattel Intellivision. Spent over a decade as editor of popular print-based video games and computer magazines, including a market-leading PlayStation title. Has written tech content for GamePro, Official Australian Playstation Magazine, PlayStation Pro, Amiga Action, Mega Action, ST Action, GQ, Loaded, and the Daily Mirror. Twitter: @iampaulmcnally

Independent, transparent, rigorous and authentic, our reviews are the most thorough and honest in PC gaming. Learn about our review process.

Leave a Comment