- Threat actors are using WebSockets as a more covert way to exchange data than typical HTTP request-response traffic.
Steganography has long been used by malware authors to hide malicious data within legitimate-looking images, and cybercriminals are now using it to spread credit card skimmers.
What is the matter?
According to a report from Malwarebytes Labs, a new steganography-based credit card skimmer has been spotted that targets online retail shops.
An interesting twist
It is also noted that the threat actors are using WebSockets as a more covert way to exchange data than typical HTTP request-response traffic.
“The attackers do need to load a new WebSocket and that can be detected in the DOM. However, they were clever to obfuscate the code nicely enough that it completely blends in,” researchers explain.
The goal is to conceal a connection to a server controlled by the criminals over a WebSocket. A handshake is enough to steal data
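
The researchers' point that a skimmer has to create a new WebSocket, and that this is observable in the page, can be turned into a check on the checkout page itself. The following is an added example, not code from the Malwarebytes report: a guard that wraps the `WebSocket` constructor, reports every connection attempt, and blocks hosts outside an allowlist. The function name `installWebSocketGuard`, the host names and the stand-in socket class are assumptions made up for illustration.

```javascript
// Added example: allowlist guard for WebSocket connections on a payment page.
// Pass `window` as `scope` in a browser; a plain object is used in the demo.
function installWebSocketGuard(scope, allowedHosts, report) {
  const NativeWebSocket = scope.WebSocket;
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));

  function GuardedWebSocket(url, protocols) {
    // Resolve relative URLs against the page URL before checking the host.
    const base = scope.location ? scope.location.href : undefined;
    const target = new URL(String(url), base);
    const ok = allowed.has(target.hostname.toLowerCase());
    // The stack trace points at the script that opened the socket, which
    // helps when the calling code is obfuscated.
    report({ url: target.href, host: target.hostname, allowed: ok,
             stack: new Error().stack });
    if (!ok) throw new Error('Blocked WebSocket to ' + target.hostname);
    return protocols === undefined
      ? new NativeWebSocket(url)
      : new NativeWebSocket(url, protocols);
  }
  // Keep `instanceof WebSocket` and the readyState constants working.
  GuardedWebSocket.prototype = NativeWebSocket.prototype;
  for (const k of ['CONNECTING', 'OPEN', 'CLOSING', 'CLOSED']) {
    GuardedWebSocket[k] = NativeWebSocket[k];
  }
  scope.WebSocket = GuardedWebSocket;
  return function restore() { scope.WebSocket = NativeWebSocket; };
}

// Constructed demo: a fake page scope and a stand-in WebSocket class,
// so the guard can be exercised offline without opening any connection.
function demo() {
  const opened = [];
  class FakeWebSocket { constructor(url) { opened.push(String(url)); } }
  const scope = { WebSocket: FakeWebSocket,
                  location: { href: 'https://shop.example/checkout' } };
  const events = [];
  installWebSocketGuard(scope, ['pay.shop.example'], (e) => events.push(e));
  new scope.WebSocket('wss://pay.shop.example/session'); // expected by the shop
  let blocked = false;
  try {
    new scope.WebSocket('wss://cdn-stats.invalid/ws');   // not on the allowlist
  } catch (err) { blocked = true; }
  return { opened, events, blocked };
}

console.log(demo().events.map((e) => e.host + ' allowed=' + e.allowed));
```

In a browser the guard only helps if it is installed before any third-party script runs. A `connect-src` Content Security Policy directive enforces the same host allowlist for WebSocket connections at the browser level.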