According to Microsoft researchers, threat actors are using advanced techniques to hide their info-stealing code while siphoning off credit card information.
The attackers now obscure their code snippets, inject them into image files, and disguise them as popular web applications to avoid detection.
Microsoft’s researchers identified an increase in the use of three evasion methods: inserting scripts in images, string concatenation, and script spoofing.
In script spoofing, attackers masquerade as Google Analytics or Meta Pixel (Facebook Pixel). Threat actors inject base64-encoded strings inside fake Google Tag Manager code, which tricks admins into skipping inspection because they believe the snippet is part of the site’s default code.
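
As an added example (not from Microsoft's research or the original article), here is a defender-side check for the script spoofing described above: it scans inline scripts that resemble Google Tag Manager, Google Analytics or Meta Pixel snippets for base64 string literals that decode to URLs or script-like text. The marker list, the 24-character threshold and the decoded-content heuristics are assumptions, and the sample page is constructed.

```python
import base64
import re
from html.parser import HTMLParser

# Assumed heuristics: tag look-alike markers, literal length, suspicious decoded text.
TAG_MARKERS = ("googletagmanager", "gtm.start", "google-analytics", "fbq(", "fbevents")
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{24,}={0,2})["']""")
SUSPICIOUS = re.compile(r"https?://|wss?://|document\.|eval\(|\.js\b", re.I)

class InlineScripts(HTMLParser):
    """Collect the bodies of inline <script> elements (those without src)."""
    def __init__(self):
        super().__init__()
        self.scripts, self.inline = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script" and "src" not in dict(attrs):
            self.inline = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        self.inline = self.inline and tag != "script"
    def handle_data(self, data):
        if self.inline:
            self.scripts[-1] += data

def decode_b64(literal):
    """Return decoded text if literal is valid base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(literal + "=" * (-len(literal) % 4), validate=True)
        text = raw.decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None

def find_spoofed_tags(html):
    """Return (marker, decoded) pairs for tag-like inline scripts hiding base64."""
    parser = InlineScripts()
    parser.feed(html)
    findings = []
    for body in parser.scripts:
        marker = next((m for m in TAG_MARKERS if m in body.lower()), None)
        for literal in B64_LITERAL.findall(body) if marker else []:
            decoded = decode_b64(literal)
            if decoded and SUSPICIOUS.search(decoded):
                findings.append((marker, decoded))
    return findings

# Constructed sample: a GTM-looking inline script carrying an encoded URL.
_ENC = base64.b64encode(b"https://collector.example/c.js").decode()
SAMPLE = f"<script>/* Google Tag Manager */ var s='gtm.start', d='{_ENC}';</script>"
```

Running `find_spoofed_tags` over rendered page source, for example in a scheduled integrity check, surfaces the decoded string so a reviewer can compare it against the site's known tag configuration.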
The sources for this piece include an article in BleepingComputer.