Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar.

MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites. The attacks are known to employ a wide range of techniques – both on client- and server-side – to compromise websites and deploy credit card skimmers to facilitate theft.

Typically, such malware is only triggered or loaded when users visit the checkout pages to enter credit card details by either serving a fake form or capturing the information entered by the victims in real time.

The term MageCart is a reference to the original target of these cybercrime groups, the Magento platform that offers checkout and shopping cart features for online retailers. Over the years, such campaigns adapted their tactics by concealing malicious code through encoding and obfuscation within seemingly harmless sources, such as fake images, audio files, favicons, and even 404 error pages.