Magento Attack Campaign Hides Malware in 1-Pixel SVG Images to Steal Credit Card Data


202/69 Friday, April 10, 2026

Cybersecurity researchers have uncovered a campaign targeting nearly 100 online stores running Magento, in which attackers embed credit card–stealing code inside 1×1 pixel SVG image files, a highly stealthy technique. These images are virtually invisible to users and difficult for traditional security scanners to detect. The attack leverages a critical vulnerability known as PolyShell, disclosed in mid-March, which allows attackers to compromise systems and inject malicious web skimmer code without authentication.

Analysis of the injected JavaScript shows that when customers click the checkout button, the malicious code intercepts the normal workflow and replaces it with a convincing fake payment page. Victims are tricked into entering their card details and personal information, which are immediately validated using the Luhn algorithm to ensure the card numbers are legitimate. The data is then encrypted and transmitted to attacker-controlled servers located in the Netherlands, enabling large-scale data theft without the victim’s awareness during the transaction process.

Adobe has not yet released a full security patch for this vulnerability in stable versions; fixes are available only in testing releases. Security experts recommend that website administrators urgently inspect system files for suspicious SVG tags (e.g., an onload attribute or calls to functions like atob()), check for unusual keys in browser local storage, and monitor outbound connections to unfamiliar domains. General users are advised to watch for anomalies in payment pages and, where possible, use payment methods with enhanced security features or multi-factor authentication to reduce risk.
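One way an administrator could run the SVG check recommended above over template or CMS content, as an added example that is not code from the researchers or from Adobe. The sample markup and the `run()` name in it are constructed placeholders, and matching every `on*` attribute (not only `onload`) is an assumption that generalizes the indicator named in the article.

```python
import re
from html.parser import HTMLParser

ATOB = re.compile(r"\batob\s*\(")
ONE_PX = re.compile(r"^\s*1(\.0+)?\s*(px)?\s*$")


class SvgAudit(HTMLParser):
    """Collects <svg> start tags that carry inline event handlers."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (line number, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "svg":
            return
        # HTMLParser lowercases names and decodes character references in
        # values, so onLoad= and &#97;tob( are normalised before matching.
        attr = {name: value or "" for name, value in attrs}
        handlers = {n: v for n, v in attr.items() if n.startswith("on")}
        if not handlers:
            return  # static icon: nothing executes from the tag itself
        reasons = ["inline handler: " + ", ".join(sorted(handlers))]
        if any(ATOB.search(v) for v in handlers.values()):
            reasons.append("atob() call in handler")
        if ONE_PX.match(attr.get("width", "")) and ONE_PX.match(attr.get("height", "")):
            reasons.append("1x1 dimensions")
        self.findings.append((self.getpos()[0], reasons))


def scan(text):
    """Return findings for every <svg> tag in text that has an on* handler."""
    parser = SvgAudit()
    parser.feed(text)
    parser.close()
    return parser.findings


# Constructed sample; run() is a hypothetical placeholder, not real skimmer code.
SAMPLE = """<div class="footer">
<svg width="16" height="16" viewBox="0 0 16 16"><path d="M0 0h16v16H0z"/></svg>
<svg width="1" height="1" onload="run(atob('Q09OU1RSVUNURUQ='))"></svg>
<svg width="1px" height="1px" onLoad="run(&#97;tob('Q09OU1RSVUNURUQ='))"/>
</div>"""

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE):
        print(f"line {line}: " + "; ".join(reasons))
```

Markup that sits inside a `<script>` block or a JavaScript string is not parsed as tags by `HTMLParser`, so database fields and bundled scripts need a separate pass.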

Source: https://www.bleepingcomputer.com/news/security/hackers-use-pixel-large-svg-trick-to-hide-credit-card-stealer/