Web skimmers behind site icons

Web skimmers behind site icons

This article is presented for informational purposes only and does not constitute a call to action. All information is aimed at protecting readers from illegal actions.

A new Malwarebytes report reveals one such group that has taken web skimming to the next level. Experts identified it during the investigation of a series of strange hacks, during which the only thing hackers did on the compromised resources was to change favicons (website icons).

As explained in the Malwarebytes report, MyIcons.net served up a valid icon file for all pages on the site except for the checkout form pages. On these pages, MyIcons.net quietly replaced the icon with a malicious JavaScript file that creates a fake checkout form and steals credit card details.

The owners of one such hacked site visited MyIcons.net and saw that it was a complete icon hosting portal. Nothing aroused their suspicions. Nevertheless, as Malwarebytes experts have discovered, MyIcons.net is a clone of the legitimate IconArchive.com portal, designed to mask malicious activity.

Building an entire hosting portal is something new for web skimmers, although the technique has long been used by groups specializing in other types of cybercrime.


ORIGINAL PAGE – Go to open the original article


0 0 vote
Article Rating
Notify of
Inline Feedbacks
View all comments

Do NOT follow this link or you will be banned from the site!
Would love your thoughts, please comment.x

Spelling error report

The following text will be sent to our editors: