December 11, 2023

Skimming attacks have been on the rise lately, with entirely new pieces of malware appearing alongside new variants of existing ones. This makes sense: they are very lucrative and give attackers a convenient way to steal payment information.

Cybersecurity company Sansec has discovered a new type of attack that consists of multiple components, comprising a payload and a decoder.

The method focuses on injecting the malicious payload into images of social media icons that are usually available on websites for users to easily share the page’s content. These icons are of famous networks such as:


The fact that such tech giants are involved makes it very difficult for a malware scanner to detect any suspicious code. The researchers explain in their blog post:

The malicious payload assumes the form of an html element, using the element as a container for the payload. The payload itself is concealed utilizing syntax that strongly resembles correct use of the element. To complete the illusion of the image being benign, the malware’s creator has named it after a trusted social media company.

For the malicious code to be executed, the presence of a “decoder” is necessary. It does not sit at the same location as the payload itself, which helps the payload hide even better.

The threat looks far more severe. Nevertheless, looking ahead, things are getting pretty complex, and we can only look to such security companies to keep updating their solutions to guard websites and applications.

Moreover, we should live by the maxim that absolutely anything can be a malicious object, even a plain text file.
