Skimmers in Images & GitHub Repos
MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files.
During a routine investigation, we detected a similar issue. Instead of targeting .ico files, however, attackers chose to inject content into real .png files — both on compromised sites and in booby trapped Magento repos on GitHub.
Our security analyst Keith Petkus found this piece of malware injected on a compromised Magento 2.x site.