Cybercrime groups have been experimenting with hiding web skimmers inside various locations of an online store, and have recently been implanting the malicious code inside the CSS files of target sites. The web skimmers are also known as Magecart scripts and aim to steal credit card information. Cyberattackers also hide the skimmers behind images, or hidden inside site widgets such as live chat support windows.
The shift to hiding web skimmers inside CSS files is likely fueled by the fact that CSS files contain descriptive code that documents the colors of page elements, text size, and other aesthetics of the site. CSS is a powerful utility that web developers leverage to create powerful animations using little to no JavaScript. Although the CSS disguise is likely a recent experiment, researchers have found several victim stores being attacked through this method, which is harder to detect.
Read More: Hackers hide web skimmer inside a website’s CSS files