Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons May 14, 2021Ravie Lakshmanan Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaS...

Cyber Security News

Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons
May 14, 2021Ravie Lakshmanan

Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms with an aim to steal financial information from their users. “These web shells known as Smilodon or Megalodon are used to dynamically load JavaScript skimming code via server-side requests into online stores,” Malwarebytes Jérôme Segura said in a Thursday write-up. “This technique is interesting as most client-side security tools will not be able to detect or block the skimmer.” Injecting web skimmers on e-commerce websites to steal credit card details is a tried-and-tested modus operandi of Magecart, a consortium of different hacker groups who target online shopping cart systems. Also known as formjacking attacks, the skimmers take the form of JavaScript code that the operators stealthily insert into an e-commerce website, often on payment pages, with an intent to c