Friday, October 30, 2020

Visa Warns of JavaScript Skimmer Baka that Steals Payment Card Data


Visa warns of a new e-commerce skimmer dubbed Baka that loads malware dynamically to avoid static malware scanners and uses unique encryption to obfuscate the malicious code for every client.

Visa Payment Fraud Disruption (PFD) observed this skimmer on several merchant websites across multiple global regions.

Baka JavaScript Skimmer

PFD observed seven C2 servers hosting the Baka skimming kit. The skimmer includes features that are common for an e-commerce skimmer, such as data exfiltration from the target fields.

Based on its advanced design, Baka is believed to have been created by a skilled developer. The most compelling features of the skimmer are its unique loader and obfuscation method.

The skimmer variant is designed to remove itself from memory when it detects any possibility of dynamic analysis with developer tools, in order to avoid detection and analysis.

The Baka loader script works dynamically by adding a script tag to the current page that loads the remote JavaScript file.

When the user reaches the checkout page, the loader runs the malicious skimming code: it decrypts the skimming code and executes it in memory. Because the skimming code executes dynamically, it is never present on the merchant’s server or saved to the customer’s computer.

Once the skimmer executes, it captures the data from the checkout form, scanning the fields every 100 milliseconds. If it fetches the data, it sets a flag called ‘this.load’ indicating that the skimmer successfully exfiltrated data.

The last step of the skimmer is cleanup: if the data is exfiltrated successfully, it removes the entire skimming code from memory to avoid detection.

Visa asks merchants to regularly scan and test eCommerce sites for vulnerabilities or malware, and to ensure that shopping carts, other services, and all software are upgraded or patched.
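Because the loader described above works by adding a script tag at runtime that pulls a remote JavaScript file, a merchant can watch the checkout page's DOM for exactly that event. The following is an added example, not code from Visa's alert or from any vendor; the allowlisted hosts, function names and sample URLs are constructed assumptions.

```javascript
// Added example: report <script> elements injected into a page at runtime
// whose source is not on the merchant's allowlist. Hosts are constructed.
const ALLOWED_SCRIPT_HOSTS = new Set(["shop.example", "js.payments.example"]);

// Return null when a script source is acceptable, otherwise a finding object.
function classifyScriptSrc(src, pageUrl, allowedHosts = ALLOWED_SCRIPT_HOSTS) {
  if (!src) return { reason: "inline-script-injected", src: "" };
  let url;
  try {
    url = new URL(src, pageUrl); // resolves relative and protocol-relative URLs
  } catch (e) {
    return { reason: "unparseable-src", src: String(src) };
  }
  // data:, blob: and http: sources are rejected here as well.
  if (url.protocol !== "https:") return { reason: "non-https-source", src: url.href };
  if (!allowedHosts.has(url.hostname)) return { reason: "host-not-allowlisted", src: url.href };
  return null;
}

// Collect findings for scripts among nodes added to the DOM, including
// scripts nested inside an added container element.
function auditAddedNodes(nodes, pageUrl, allowedHosts = ALLOWED_SCRIPT_HOSTS) {
  const findings = [];
  for (const node of nodes) {
    const scripts = [];
    if (node.tagName === "SCRIPT") scripts.push(node);
    if (typeof node.querySelectorAll === "function") {
      scripts.push(...node.querySelectorAll("script"));
    }
    for (const s of scripts) {
      const finding = classifyScriptSrc(s.src, pageUrl, allowedHosts);
      if (finding) findings.push(finding);
    }
  }
  return findings;
}

// Browser hookup: the observer records the insertion even if the script
// later removes itself from the page. Skipped outside a browser.
if (typeof MutationObserver !== "undefined" && typeof document !== "undefined") {
  new MutationObserver((mutations) => {
    for (const m of mutations) {
      for (const f of auditAddedNodes(m.addedNodes, location.href)) {
        console.warn("runtime-injected script:", f.reason, f.src);
      }
    }
  }).observe(document.documentElement, { childList: true, subtree: true });
}
```

A Content-Security-Policy `script-src` allowlist blocks the same loads preventively; a monitor like this gives visibility where such a policy is absent or report-only.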
