Malwarebytes found an online store using the WordPress WooCommerce plugin was found to be infected with a Magecart script to steal customer’s credit cards. These types of attacks are called Magecart and have been used on websites for well-known companies such as Claire’s, Tupperware, Smith & Wesson, Macy’s, and British Airways. These attacks are not contained directly to the site but in the EXIF data for a remote site’s favicon image to evade detection. As these malicious card stealing scripts are not on the hacked site itself, it is more difficult for security software or even web developers to notice that something may be wrong.
Source: https://www.bleepingcomputer.com/news/security/hackers-hide-credit-card-stealing-scripts-in-favicon-exif-data/