A sophisticated cybersecurity threat has been identified targeting e-commerce platforms running Magento, where attackers employ a clever technique of hiding malicious code within HTML image tags. This credit card stealing malware, known as MageCart, specifically targets online shopping checkout pages.

The malware campaign uses an innovative approach by concealing malicious JavaScript code within Base64-encoded content inside tags. When an image fails to load, the malware exploits the onerror event to execute its harmful code instead of displaying a standard broken image icon. This technique proves particularly effective as image tags typically contain long strings and are generally considered harmless by security systems.

The attack mechanism works in several stages:
– Targets checkout pages specifically
– Waits for users to submit payment information
– Creates a fake form collecting card number, expiration date, and CVV
– Transmits stolen data to external servers

What makes this attack particularly dangerous is its dual achievement:
1. Evading detection by security scanners through clever encoding
2. Maintaining invisibility to end users through seamless form integration

The campaign represents a broader trend in e-commerce attacks, where threat actors increasingly target platforms like Magento, WooCommerce, and PrestaShop with increasingly sophisticated methods to remain undetected while harvesting sensitive payment information.

Security researchers emphasize the importance of maintaining vigilance against such evolving threats, particularly in e-commerce environments where payment information is processed.