Researchers from Sucuri discovered the tactic, which hides malicious activity until the info can be retrieved, during an investigation into a compromised Magento 2 e-commerce site. Magecart attackers have found a new way to hide their nefarious online activity by saving data they ve skimmed from credit cards online in a.JPG file on a compromised site. The creative use of the fake.JPG allows an attacker to conceal and store harvested credit card details for future use without gaining too much attention from the website owner.
Source: https://threatpost.com/magecart-attackers-stolen-data-jpg/164815/
