"Attackers Invent New Evasion Techniques to Conceal Web Skimmer Activity"
A security researcher at Malwarebytes recently reported the discovery of the first payment card skimmer to use steganography to evade detection. There has been an increase in the use of steganography to hide and deliver malicious data. Digital steganography refers to the covert communication of data via unsuspected formats such as image files, video clips, and audio files. Steganography differs from cryptography because the method hides the communication of data in addition to the data itself. The skimmer found by the researcher used an image of a free shipping ribbon commonly seen on shopping sites to conceal malicious JavaScript code. According to the same security researcher, some digital attackers are now using the WebSockets communications protocol instead of HTML to exchange data with skimmers, using a single TCP connection. This article continues to discuss the discovery of a payment card skimmer and its use of steganography, as well as the increased use of new techniques for web skimmers and how security professionals can defend against evasive attacks.