Cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on hacked websites. Magecart attacks typically work by inserting malicious code into a compromised site, which surreptitiously harvests and sends user-entered data to a cybercriminal’s server, thus giving them access to shoppers’ payment information. In a separate technique, it’s possible to pilfer data from the browser by leveraging dns-prefetch, a latency-reducing method used to resolve DNS lookups.
Source: https://thehackernews.com/2020/06/image-credit-card-skimmers.html