Now that's different - hackers use miniature SVG images to try and hide
credit card stealer
Date:
Thu, 09 Apr 2026 15:25:00 +0000
Description:
Card skimmers were found in 1x1 pixel SVG images, apparently deployed through PolyShell.
FULL STORY ======================================================================
- Experts find credit card skimmer hidden in 1x1 SVG image
- Fake Secure Checkout overlay stole card data
- Likely exploited Magento PolyShell flaw, affecting many stores

Security researchers recently found a credit card skimmer on almost a hundred compromised ecommerce websites hiding in a tiny image.
Experts from Sansec reported finding 1x1-pixel Scalable Vector Graphics (SVG) elements with an onload handler inside the HTML of many e-commerce websites. The onload handler contains the entire skimmer payload, base64-encoded inside an atob() call and executed via setTimeout, the researchers said. They explained that with this technique, the attackers did not have to create external script references that usually get picked up by security scanners. The entire malware lives inline, encoded as a single string attribute.

Leveraging PolyShell

People who tried to buy something from these websites would, during checkout, be presented with a fake Secure Checkout overlay that includes card details fields and a billing form.
Everything they submitted this way was then validated in real time using Luhn verification, and then sent to an attacker-controlled server in an XOR-encrypted, base64-obfuscated JSON format.
The researchers found a total of six domains used for data exfiltration, all of which were hosted in the Netherlands. Each was getting data from up to 15 confirmed victims.
Discussing how the websites may have been compromised, Sansec said it was possible that the attackers leveraged PolyShell, a vulnerability plaguing stable version 2 installations of Magento Open Source and Adobe Commerce, which was discovered in mid-March this year. Sansec, who were also the ones to discover PolyShell, warned about ongoing attacks at the time.
Mass exploitation of PolyShell started on March 19th, and Sansec has now found PolyShell attacks on 56.7% of all vulnerable stores, the company said, without giving a raw number of targeted sites.
Adobe patched it, but the fix was only available in the second alpha release for version 2.4.9, meaning production versions remained vulnerable.
This remains the case today, and Sansec recommends users hunt for hidden SVG tags, as well as monitor and block traffic coming from the attackers' servers.
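
One way to run the hunt for hidden SVG tags over saved page source, as an added example that is not code from Sansec or from the original article. The function names, the reason labels and the sample page are assumptions constructed here; the traits it checks (an onload handler on an svg element, 1x1 size, an atob() string literal, setTimeout) are the ones described above.

```python
import base64
import re
from html.parser import HTMLParser

# Handler traits the article describes: an atob() string literal run via setTimeout.
ATOB_RE = re.compile(r"atob\s*\(\s*['\"`]([A-Za-z0-9+/=\s]+)['\"`]\s*\)")
TIMER_RE = re.compile(r"\bsetTimeout\s*\(")
TINY_RE = re.compile(r"\s*(?:0|1)(?:\.0+)?\s*(?:px)?\s*")  # "0", "1", "1px", "1.0"

def _preview(b64, limit=60):
    """Decode the embedded string for analyst triage only; nothing is executed."""
    try:
        raw = base64.b64decode(re.sub(r"\s+", "", b64), validate=True)
    except ValueError:
        return None
    return raw.decode("utf-8", "replace")[:limit]

class SvgOnloadScanner(HTMLParser):
    """Records every <svg> start tag that carries an inline onload handler."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and unescapes entities in attribute values.
        a = {k: (v or "") for k, v in attrs}
        if tag != "svg" or "onload" not in a:
            return
        blob = ATOB_RE.search(a["onload"])
        reasons = ["svg-onload"]
        if TINY_RE.fullmatch(a.get("width", "")) and TINY_RE.fullmatch(a.get("height", "")):
            reasons.append("1x1-or-smaller")
        if blob:
            reasons.append("atob-literal")
        if TIMER_RE.search(a["onload"]):
            reasons.append("setTimeout")
        self.findings.append({"line": self.getpos()[0], "reasons": reasons,
                              "decoded_preview": _preview(blob.group(1)) if blob else None})

def scan_html(html):
    """Return one finding per <svg onload=...> element found in an HTML string."""
    scanner = SvgOnloadScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page: an ordinary icon plus a 1x1 SVG with a harmless placeholder.
_B64 = base64.b64encode(b"console.log('constructed sample')").decode()
SAMPLE = ('<html><body>\n<svg width="24" height="24"><path d="M0 0h24v24H0z"/></svg>\n'
          '<svg width="1" height="1" onload="setTimeout(atob(\'' + _B64 + '\'),0)"></svg>\n'
          '</body></html>\n')
```

Calling scan_html(SAMPLE) reports only the second SVG, with the line number, the matched traits and a decoded preview for review. A handler that builds the atob() argument indirectly would still be reported as svg-onload, which is the signal worth triaging on its own.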
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/now-thats-different-hackers-use-miniature-svg-images-to-try-and-hide-credit-card-stealer
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)