Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Favicon EXIF Data

A skimming operation was discovered hiding malicious code within EXIF metadata on multiple websites to steal names, credit card data, and billing addresses from input fields on the infected sites. The stolen information is Base64 encoded and exfiltrated as an image file to the attacker's command and control servers. The campaign has ties to the Magecart Group who has been in operation for many years and have attacked multiple high-profile organizations in the past.
Name Modified Date Sources
Operation Favicon EXIF Data 2020-07-16