Thursday, March 28, 2024

Pipka – New JavaScript Skimmer that Attacks eCommerce Website to Steal Payment Card Details

A new JavaScript skimmer dubbed Pipka attacks eCommerce websites to steal the payment data entered into online payment forms of the websites. It extracts details such as payment account number, expiration date, CVV, and cardholder name and address, from the checkout pages.

The Pipka found to be installed on more than sixteen eCommerce websites, the attack campaign detected by Visa Payment Fraud Disruption’s (PFD) eCommerce Threat Disruption (eTD) program.

Pipka Play Around Stealthy

The use of web skimmers emerges as a turnkey business for cybercriminals and they continue to target online stores to exfiltrate users’ payment card details.

Pipka has a special ability when compared to other online skimmers, it is capable of removing itself from the HTML codes of the compromised website once it completes the execution.

This new interesting feature gives pipka an ability to play around stealthy and it marks a significant development in JavaScript skimming.

Threat actors behind pipka inject the skimmer script directly into the targeted eCommerce website, once executed it harvests data from the forms entered. The harvested data is base64 encoded and encrypted using ROT13 cipher.

Before sending the data to the attacker server, it checks for the uniqueness of the data string to avoid duplicate data. The following are the targeted payment account number fields.

  • authorizenet_cc_number
  • ctl00_PageContent_tbCardNumber
  • input-cc-number
  • cc_number
  • paypal_direct_cc_number
  • ECommerce_DF_paymentMethod_number
  • input[id$=\x27_CardNumber\x27]

PFD found Pipka on the North American merchant website that was previously infected by Inter, another JavaScript skimmer.

Pipka
Pipka Sample Script

Pipka lets attackers customize for specific form fields to skim data. One Sample observed by PFD “target two-step checkout pages that collect billing data on one page and payment account data on another.”

Another notable feature is anti-forensics ability, whenever the skimmer executes it calls for a start process function, which all calls for a clear function ability. The clear function locates for the skimmer script tag and removes it immediately.

This function makes analysis so difficult as the script gets removed immediately and it is the first time self-cleaning feature available with JavaScript skimmers.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles