Beware! New Steganography-based credit card readers target online retail shops.
- As per a report by Malwarebytes Lab, a new credit card skimmer is spotted, and the victims are the online retail shops.
- Cyber criminals are making use of WebSockets to create a secret way to exchange data that is not a usual HTTP request-response.
Steganography has been used by malware authors to hide malicious data with the help of legitimate-looking images, and now it is being misused by cybercriminals to spread credit card skimmers.
More on the matter
Here comes the twist
Researchers explain, “Threat actors are deploying WebSockets to provide a more mysterious way to exchange data. However, cybercriminals don’t have to load new WebSockets that are likely to be detected in the DOM.
Researchers also mention that here the threat actors were smart enough to confuse by writing the code with precision to blend seamlessly.
Now the objective is to secure a connection to the server that is controlled by criminals over a WebSocket. And literally a handshake is enough to carry out the fraud.