A group of hackers known as Magecart Group 12, which has been known to target online shops and e-commerce websites, has now added malicious PHP web shells masked as favicons to its arsenal, Malwarebytes reports.
Researchers say many e-commerce shops are vulnerable to these attacks because their owners have not upgraded their content management software (CMS) for a long time.
The PHP-based web shell malware is masked as a favicon and hidden in the targeted sites with a path. The web shell can obtain the next-stage payload from a remote location, after which the attackers use a credit card skimmer similar to variants used in Cardbleed attacks.
Skimming attacks have become a lucrative business for cybercriminals recently. Organizations are advised to implement protective measures geared toward detecting and stopping skimming attacks.
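
One detection measure for the favicon-masked web shell described above, as an added example that is not taken from the Malwarebytes report: walk a web root and flag any file named like an image that lacks image magic bytes or contains a PHP open tag. The function names, extension list and size limit are assumptions made for this sketch, as is the premise that the shell sits in a file with an image extension.

```python
import os

# Magic bytes for the image types normally used as favicons.
IMAGE_MAGIC = (
    b"\x00\x00\x01\x00",        # ICO
    b"\x89PNG\r\n\x1a\n",       # PNG
    b"GIF87a", b"GIF89a",       # GIF
    b"\xff\xd8\xff",            # JPEG
)
IMAGE_EXTS = {".ico", ".png", ".gif", ".jpg", ".jpeg"}   # assumed extension list
MAX_READ = 2 * 1024 * 1024      # assumption: favicons are far smaller than 2 MiB


def inspect_image_file(path):
    """Return a list of reasons the file is suspicious (empty list if clean)."""
    with open(path, "rb") as fh:
        data = fh.read(MAX_READ)
    reasons = []
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("no image magic bytes")
    if b"<?php" in data.lower():
        reasons.append("contains PHP open tag")
    return reasons


def scan_webroot(root):
    """Walk root and return {relative_path: reasons} for suspicious image files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in IMAGE_EXTS:
                continue
            full = os.path.join(dirpath, name)
            reasons = inspect_image_file(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


if __name__ == "__main__":
    import sys
    for path, reasons in sorted(scan_webroot(sys.argv[1]).items()):
        print(f"{path}: {', '.join(reasons)}")
```

The second check also catches a file that starts with a valid image header and carries PHP after it; findings are leads to review against the CMS's known-good file set, not proof of compromise.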