Hackers working for financial motives to extract the credit card information of the users is not new. Several methods are being adopted over the span of time to trick users into giving their details. Further progress has been made in this regard. Malwarebytes has identified a new type of attack used for credit card skimming.
It combines two techniques that are already prevalent- homographic domain and infected favicon.
How it works
Homograph Domain is a technique through which the domain name of the targeted website is spoofed. There are characters across different or the same languages that look similar and are non-distinguishable at a glance. These characters are used in creating a similar domain name, which very much looks like. It is easier to deceive a layman utilizing this trick.
The typical way to deliver the link to the target is by emailing it. This trick works most of the time, and the victim falls prey to the plan. But, as per Malwarebytes, in some instances, original websites were hacked and found injected with a code referencing an icon file.
How was it identified
The attackers were targeting more than one victim. These are the target websites that came into the notice of the researchers.
The letter in the red color is the one that was manipulated from the original website address.
The attacker. To make successful attacks happen are employing every possible technique, even a combination of methods (as evident in this case). This has made the identification of malware hard and indetectable.
The type of attacks, like the ones mentioned above, are the ones that need awareness on the part of the users. They have to ensure that they are filling out their information on the legitimate website. They can do so by avoiding accessing the links from third party sources.