Hackers have created and used a fake icon portal to host and load a JavaScript web skimmer camouflaged as a favicon onto compromised e-commerce portals to steal their customers’ credit card and personal information. Magecart groups inject malicious JavaScript-based scripts into checkout pages after hacking them as part of web skimming attacks also known as e-skimming. The attackers went through a lot of trouble to keep their operation from being noticed. The U.S. Federal Bureau of Investigation warned in October 2019 of the threats targeting small and medium-sized businesses.
Source: https://www.bleepingcomputer.com/news/security/hackers-use-website-favicon-to-camouflage-credit-card-skimmer/