According to researchers at Sansec, the skimmer hides in fake social-media buttons, purporting to allow sharing on Facebook, Twitter and Instagram. Cyber attackers are gaining access to websites’ code, and then placing the fake buttons on checkout and e-commerce pages. “The malicious payload assumes the form of an HTML < svg > element, using the < path > element as a container for the payload.
Adding a further element of sneakiness, the malware consists of two parts: The payload code itself, and a decoder, which reads the payload and executes it. Critically, the decoder doesn’t have to be injected into the same location as the payload. The administrator of your personal data will be Threat post, Inc., 500 Unicorn Park, Woburn, MA 01801.