A sophisticated cyberattack campaign targeting e-commerce websites has been discovered, where criminals cleverly conceal credit card stealing malware within HTML image tags. This new technique allows attackers to harvest sensitive payment data while avoiding detection.
The malware, known as MageCart, specifically targets online shopping platforms, with a focus on sites running the Magento e-commerce system. Rather than using obvious malicious code, the attackers hide their skimming software inside what appears to be regular image elements on checkout pages.
"The malware disguises itself inside an tag, making it easy to overlook since these tags commonly contain long strings of code for image paths," explains security researcher Kayleigh Martin from Sucuri.
The attack exploits the "onerror" event that normally handles failed image loads. When an image fails to load, instead of displaying the usual broken image icon, the malicious JavaScript code activates and begins collecting payment information.
The criminals have designed their system to specifically target checkout pages. When unsuspecting shoppers enter their credit card details and click submit, the malware captures the card number, expiration date, and CVV security code, sending this sensitive data to external servers controlled by the attackers.
This technique proves particularly effective because image tags are typically considered harmless by security systems and website administrators. The malware also creates a convincing fake payment form that appears identical to legitimate checkout pages, leaving victims unaware their data is being stolen.
Security experts advise e-commerce site owners to carefully inspect their site code for suspicious image tags, particularly those containing encoded content or unusual error handling functions. Regular security scans and updates remain critical for protecting online shops and their customers from these evolving threats.