Hackers hiding cred-card skimmers in Image metadata online

Crims finding ever more ingenious ways to part you from your hard-earned cash

Last Updated on

Over the years we have probably all become accustomed to watching out for credit card skimmers at ATMs.

Small devices are hidden into the machine and generally covered up in some way so that the unaware or distracted accidentally end up handing over their card details to the bad guys.

Times move on though and now it seems we are facing the prospect of ‘virtual’ card skimmers tucked away in the metadata of image files on compromised online storefronts.

Security company Malwarebytes blogged that they had found a web skimmer hiding in the EXIF file (the file that accompanies an image and provides details on exposure, camera type, focal range, and the like).

“We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores. This scheme would not be complete without yet another interesting variation to exfiltrate stolen credit card data. Once again, criminals used the disguise of an image file to collect their loot.

During this research, we came across the source code for this skimmer which confirmed what we were seeing via client-side JavaScript. We also identified connections to other scripts based on various data points.”

The sites identified all use the incredibly popular webstore app WooCommerce as increasingly coming under threat from the exploit.

The Malwarebytes blog is pretty technically intense but serves as a warning we need to be increasingly vigilant. Chances are we wouldn’t even routinely notice anything suspicious here but it should be a nudge to keep a close eye on our bank transactions and report any unusual activity immediately. Things like suspicious small amounts being removed. Criminals generally like to check the account works before cleaning it out.

Let’s keep our eyes open out there.