At the onset of its investigation, Malwarebytes’ threat analysis team thought it might be another case of a credit card skimmer masquerading as a favicon, but further digging uncovered something entirely different.
Rather than hiding malicious code used to steal credit card information in a website’s favicon, the hackers had embedded it within the metadata of an image file, which is then covertly loaded by a compromised online store.
EXIF, short for Exchangeable Image File Format, is metadata that is often associated with a digital image. It is used to convey useful information about a photo, such as the camera settings and hardware that was used to create it.
In an interesting twist, the collected data is then loaded back into an image file for the hacker to retrieve. This and other steps are likely performed to reduce the chances of the attack raising suspicion.
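For store operators who want to check the images their pages load, the following added example (not code from Malwarebytes or from this article) walks a JPEG's metadata segments, where EXIF lives, and flags script-like text. The token list is an assumed heuristic and the sample images are constructed for illustration.

```python
import re
import struct

# Assumed heuristic: JavaScript-looking tokens that camera metadata should never contain.
SUSPICIOUS = re.compile(
    rb"<script|eval\s*\(|atob\s*\(|String\.fromCharCode|document\.|new\s+Function", re.I)

def metadata_segments(data: bytes):
    """Yield (marker, payload) for every APPn/COM segment before the image scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # padding byte before a marker
            pos += 1
            continue
        if marker in (0xDA, 0xD9):              # start of scan / end of image
            return
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers without a length field
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"segment length out of bounds at offset {pos}")
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:
            yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def scan_image(data: bytes):
    """Return (segment name, matched token) pairs for script-like metadata content."""
    findings = []
    for marker, payload in metadata_segments(data):
        name = "COM" if marker == 0xFE else f"APP{marker - 0xE0}"
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            name = "APP1/Exif"
        findings += [(name, m.group().decode("ascii")) for m in SUSPICIOUS.finditer(payload)]
    return findings

def _seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: an Exif header followed by plain text, not a full TIFF directory.
_EXIF = b"Exif\x00\x00II*\x00\x08\x00\x00\x00"
CLEAN = b"\xff\xd8" + _seg(0xE1, _EXIF + b"Example Camera 100\x00") + b"\xff\xd9"
FLAGGED = (b"\xff\xd8" + _seg(0xE1, _EXIF + b"<script>/* placeholder */</script>")
           + b"\xff\xd9")
```

A hit is a reason to inspect the file and the page that loads it, not proof of compromise; the scan only covers metadata segments and does not look at pixel data.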