A recent trend among hackers has been to hide malicious code in favicons -- those icons you see in the corner of a browser tab. Malwarebytes says that it first assumed the exploit it was researching was a variation on this type of attack, but further analysis revealed it was something else entirely. The company found that the malicious code was loaded via the WooCommerce plugin for WordPress. This is an increasingly popular target among hackers, thanks to its wide market share. When loaded, it grabs payment information, such as the customer’s name, address and credit card details.