Hackers use pixel-large SVG trick to hide credit card stealer

A sophisticated web skimming campaign has compromised nearly 100 online stores running the Magento e-commerce platform. Attackers are using a novel technique hiding credit card-stealing code within a pixel-sized Scalable Vector Graphics (SVG) image, making the malicious payload extremely difficult to detect. This Magecart-style attack targets payment card data as it is entered by customers during checkout. Online retailers using Magento should immediately audit their code repositories, implement Content Security Policy (CSP) headers, monitor for unauthorized file modifications, and ensure their platforms are running the latest security patches to mitigate this threat.

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. [...]

A sophisticated web skimming campaign has compromised nearly 100 online stores running the Magento e-commerce platform. Attackers are using a novel technique hiding credit card-stealing code within a pixel-sized Scalable Vector Graphics (SVG) image, making the malicious payload extremely difficult to detect. This Magecart-style attack targets payment card data as it is entered by customers during checkout. Online retailers using Magento should immediately audit their code repositories, implement Content Security Policy (CSP) headers, monitor for unauthorized file modifications, and ensure their platforms are running the latest security patches to mitigate this threat. A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. [...] A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. [...]