Thursday, October 3, 2024
Homecyber securityVisa Warns of JavaScript Skimmer Baka that Steals Payment Card Data

Visa Warns of JavaScript Skimmer Baka that Steals Payment Card Data

Published on

Visa warns of a new e-commerce skimmer dubbed Baka that loads malware dynamically to avoid static malware scanners and unique encryption to obfuscate the malicious code for every client.

Visa Payment Fraud Disruption (PFD) observed this skimmer across several merchant websites across multiple global regions.

Baka JavaScript Skimmer

PFD observed that seven C2 servers hosting the Baka skimming kit, the skimmer includes features that are common for an e-commerce skimmer such as data exfiltration from the target fields.

- Advertisement - EHA

Based on its advanced design Baka believed to be created by a skilled developer, the most compelling features of the skimmer is it’s unique loader and obfuscation method.

The skimmer variant is designed to remove itself from memory when it detects any possibility of dynamic analysis with developer tools, this method is to avoid detection and analysis.

The Baka loader script works dynamically by adding a script tag to the current page that loads the remote JavaScript file.

When the user reaches the checkout page the loader executes the malicious skimming code, then it decrypts the skimming code and executes it in memory. The skimming code executes dynamically so it never present on the merchant’s server or saved to the customer’s computer.

Once the skimmer gets executed it captures the data from the checkout form, it keeps on scanning the fields for every 100 milliseconds. If it fetches the data then it sets a flag called ‘this.load’ indicating the skimmer successfully exfiltrated data.

The last process of the skimmer is cleaning up if the data is exfiltrated successfully it removes the entire skimming code from memory to avoid detection.

Visa asks merchants to regularly scan and test eCommerce sites for vulnerabilities or malware, ensure shopping carts, other services, and all software are upgraded or patched.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates

Also Read:

Lazarus APT Hackers Attack Japanese Organization Using Remote SMB Tool “SMBMAP” After Network Intrusion

PoetRAT – New Python RAT Attacking Government and Energy Sector Via Weaponized Word Documents

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

ANY.RUN Upgrades Threat Intelligence to Identify Emerging Threats

ANY.RUN announced an upgrade to its Threat Intelligence Portal, enhancing its capabilities to identify...

Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

A critical vulnerability has been discovered in Cisco's Nexus Dashboard Fabric Controller (NDFC), potentially...

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...

Tor Browser 13.5.6 Released – What’s New!

The Tor Project has announced the release of Tor Browser 13.5.6, which is now...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Hackers Attacking AI Agents To Hijacking Customer Sessions

Conversational AI platforms, powered by chatbots, are witnessing a surge in malicious attacks, which...

Malicious App On Google Play Steals Cryptocurrency From Android Users

Cybercriminals have shifted their focus to mobile devices, targeting users with a malicious crypto...

Octo2 Android Malware Attacking To Steal Banking Credentials

The original threat actor behind the Octo malware family has released a new variant,...