Cybercriminals regularly devise new deception methods to launch attacks while flying under the radar. Cybersecurity solution provider Malwarebytes has found a new deception technique used in a credit card skimming operation.
For this method, the con artists built a fully fledged icon site as part of a plan to hack websites and steal credit card information.
Impersonated website
The US-based cybersecurity company found that the con artists developed a new icon hosting website as their deception. The site itself, MyIcons.net, doesn't have any malicious code in it. During their analysis, the researchers found many hacked e-commerce sites downloading their favicon, the icon shown on the browser tab, from this site.
Trick under the favicon
The analysts scanned all the favicons on each page of the hacked websites. They didn't find anything suspicious except instances of the web skimming code that was being loaded on the compromised sites. While analysing each page from these sites, the Malwarebytes researchers found that the icon hosting website was loading a legitimate icon for each page except one.
The exception was the page where a buyer checks out by entering card or other financial details to make a payment. The researchers found that instead of loading a legitimate favicon for this page, the con artists run a malicious JavaScript file that presents an impersonated checkout page to steal financial credentials. "This content is loaded dynamically in the DOM to override the PayPal checkout option with its own drop-down menu for MasterCard, Visa, Discover and American Express," writes the blog.
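A defender-side check for the behaviour described above, as an added example that is not from Malwarebytes or the original article: it takes the favicon response recorded for each page of a shop and flags any page whose "icon" body is not actually an image. The URLs, response bytes and function names are constructed for illustration.

```python
# Added example: flag "favicon" responses whose body is not an image.
# All URLs and response bytes below are constructed sample data.

# Leading bytes of binary image formats commonly served as favicons.
# (SVG icons are text and would need separate handling.)
IMAGE_MAGIC = {
    b"\x00\x00\x01\x00": "ico",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\xff\xd8\xff": "jpeg",
}


def sniff_image(body: bytes):
    """Return the image format indicated by the magic bytes, or None."""
    for magic, fmt in IMAGE_MAGIC.items():
        if body.startswith(magic):
            return fmt
    return None


def audit_favicons(responses):
    """responses maps page URL -> (Content-Type, body) of the favicon fetched
    for that page. Returns (page, declared Content-Type) for non-image bodies."""
    findings = []
    for page, (content_type, body) in sorted(responses.items()):
        # The declared Content-Type is reported but never trusted.
        if sniff_image(body) is None:
            findings.append((page, content_type))
    return findings


# Constructed capture: the same favicon URL, recorded once per shop page.
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE = {
    "https://shop.example/": ("image/png", PNG_STUB),
    "https://shop.example/cart": ("image/png", PNG_STUB),
    "https://shop.example/checkout": ("image/png", b"(function () { /* script text */ })();"),
}

if __name__ == "__main__":
    for page, ctype in audit_favicons(SAMPLE):
        print(f"SUSPICIOUS favicon on {page}: declared {ctype}, body is not an image")
```

Checking every page, including checkout, matters here because the article notes that only one page received the non-icon response.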
Ripping off
Malwarebytes researchers found that the MyIcons.net site was registered days back and stole all its content from a legitimate website hosted at iconarchive.com. The spoofed version of iconarchive.com looks so authentic that even website admins were confused while inspecting the code. The reference to the icon hosting website for downloading the favicon seemed quite genuine to them.
Besides stealing financial data, the web skimmer (or credit card skimmer) also steals victims' personal information, including their name, address, phone number and email address.