Credit Card Fraud via Steganography
Credit card fraud is getting more sophisticated these days. It is almost passe to hack a payment module that will then email the card details to your “anonymous” gmail account. Now they are being embedded in images which the hacker can view on site itself.
Want to know how data can be embedded in an image? Well it’s called steganography and you can read more about it here. But most hackers are not worry about encryption. They are simply stored the raw data that can only be seen when magnified.
How do you know if it has happened on your site? Well if you are using Magento it would seem you are a likely target. Tools like MageReport are not going to help you. You really need to manually audit your checkout code including your payment modules to ensure they have not been modified. In particular, you need to look for that might be emailing to a hard coded email address or storing credit card data in an image such as this.