iGuRu
Now Reading
Visa warns: Baka new credit card skimmer
iGuRu

Visa warns: Baka new credit card skimmer

Visa has issued a warning for a new JavaScript skimmer known as Baka, which will be erased from memory after the stolen data is removed.

Screenshot 2020 09 07 Visa warns of new Baka credit card JavaScript skimmer - Visa warns: Baka new credit card skimmer

The credit card theft script was discovered by researchers with the Visa's Payment Fraud Disruption (PFD) initiative in February 2020, while examining a command and control server (C2) that hosted a Skaming ImageID kit.

Last year, Visa discovered another skimmer JavaScript known as Pipka which quickly spread to online stores after it was first spotted on an e-commerce site of North American organizations in September 2019.

Avoid detection and analysis

In addition to the standard basic scanning capabilities, such as configurable target form fields and data removal using image requests, Baka has an advanced design that shows that it is the project of a specialized malware programmer and comes with a unique blackout method.

Baka was spotted by Visa in several online stores in various countries and was observed during injection into infringing e-commerce stores from jquery-cycle [.] Com, b-metric [.] Com, apienclave [.] Com, quicdn [. ] com, apisquere [.] com, ordercheck [.] online and pridecdn [.] com domain.

Screenshot 2020 09 07 Visa warns of new Baka credit card JavaScript skimmer1 - Visa warns: Baka new credit card skimmer

The skimmer is added to the merchants' purchase pages, using a script tag, and the loader uses it to download the skimming code from the C2 server to run it in memory.

This allows intruders to make sure that the password used to collect customer data will not be found when parsing files hosted on the merchant's server or client's computer.

Baka is also the first JavaScript malware (detected by Visa) and uses an XOR cipher to disguise the skimming code received from the C2 server.

Screenshot 2020 09 07 Visa warns of new Baka credit card JavaScript skimmer 1 - Visa warns: Baka new credit card skimmer

Visa recommends that member financial institutions, e-commerce merchants, service providers, third party suppliers and resellers refer to the document What to do in a breach (WTDIC) for instructions if their payment systems are breached.

The company also shared the list of bestsellers practices for securing e-commerce platforms, as described by the PCI Security Standards Board.

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News

View Comments (0)

Leave a Reply

Your email address Will not be published.

 

iGuRu.gr © 2012 - 2021 Keep it Simple Stupid Custom Theme

Scroll To Top