Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity
Malwarebytes
MAY 13, 2021
The way it is injected in compromised sites is by editing the shortcut icon tags with a path to the fake PNG file. jamal.budunoff@yandex[.]ru ru muhtarpashatashanov@yandex[.]ru The file named Magento.png attempts to pass itself as ‘image/png’ but does not have the proper PNG format for a valid image file. pw thesun[.]pw
Let's personalize your content