According to experts from Microsoft, the attackers disguised the skimming script by encoding it into a PHP script embedded in the image file. With this trick, malicious code is executed when the index page of the site is loaded. Some skimming scripts also included debugging protection mechanisms.
Web skimming is a criminal method of collecting payment information from website visitors during checkout. Scammers use vulnerabilities in e-commerce platforms and CMS to implement a skimming script on an e-store page. In some cases, attackers can exploit vulnerabilities in installed third-party plugins and themes to inject malicious scripts.
At the conclusion of the report, Microsoft experts recommend that organizations update CMS and installed plugins to the latest versions and make sure that all third-party plugins and services are downloaded only from reliable sources.