{"id":234840,"date":"2026-04-09T02:26:24","date_gmt":"2026-04-09T07:26:24","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/04\/hackers-use-pixel-large-svg-trick-to-hide-credit-card-stealer"},"modified":"2026-04-09T02:26:24","modified_gmt":"2026-04-09T07:26:24","slug":"hackers-use-pixel-large-svg-trick-to-hide-credit-card-stealer","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/04\/hackers-use-pixel-large-svg-trick-to-hide-credit-card-stealer","title":{"rendered":"Hackers use pixel-large SVG trick to hide credit card stealer"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/hackers-use-pixel-large-svg-trick-to-hide-credit-card-stealer.jpg\"><\/a><\/p>\n<p>A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image.<\/p>\n<p>When clicking the checkout button, the victim is shown a convincing overlay that can validate card details and billing data.<\/p>\n<p>The campaign was discovered by eCommerce security company Sansec, whose researchers believe that the attacker likely gained access by exploiting the <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-polyshell-flaw-allows-unauthenticated-rce-on-magento-e-stores\/\" target=\"_blank\" rel=\"nofollow noopener\">PolyShell vulnerability<\/a> disclosed in mid-March.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. When clicking the checkout button, the victim is shown a convincing overlay that can validate card details and billing data. The campaign was discovered by eCommerce security company Sansec, whose [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1492],"tags":[],"class_list":["post-234840","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/234840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=234840"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/234840\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=234840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=234840"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=234840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}