Hackers have come up with a sneaky way to steal payment card data from compromised online stores. Instead of sending the card info to a server they control, hackers hide it in a JPG image and store it on the infected website. Researchers at website security company Sucuri found the new exfiltration technique when investigating a compromised online shop running version 2 of the open-source Magento e-commerce platform. Almost all data submitted on the checkout page is present in the Customer_ parameter, which includes payment card details, phone number, and postal address.
Source: https://www.bleepingcomputer.com/news/security/hackers-hide-credit-card-data-from-compromised-stores-in-jpg-file/