Hackers deploy Linux malware, web skimmer on eCommerce servers
![Lock Code Circular2 Esm W900](/images/articles/900x500/Lock_Code_Circular2-esm-w900.webp)
Attackers are deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops' websites.
The PHP-coded web skimmer (a script designed to steal and exfiltrate customers' payment and personal info) is added and camouflaged as a .JPG image file in the /app/design/frontend/ folder.
The attackers use this script to download and inject fake payment forms on checkout pages displayed to customers by the hacked online shop.