Visa Payment Fraud Disruption warns of a new JavaScript skimmer dubbed Pipka used to siphon payment data from e-commerce merchant websites.
Visa Payment Fraud Disruption warns of a new JavaScript skimmer dubbed Pipka that was used by crooks to steal payment data from e-commerce merchant websites.
Experts discovered the Pipka while investigating an e-commerce website that was previously infected with the Inter JavaScript skimmer. Unlike other skimmers, Pipka has the ability to remove itself from the compromised HTML code after execution, in an effort to avoid detection, Visa notes in a security alert (PDF).
“In September 2019, Visa Payment Fraud Disruption’s (PFD) eCommerce Threat Disruption (eTD) program identified a new JavaScript skimmer that targets payment data entered into payment forms of eCommerce merchant websites. PFD is naming the skimmer Pipka, due to the skimmer’s configured exfiltration point at the time of analysis (as shown below in the Pipka C2s).” reads the advisory published by VISA. “Pipka was identified on a North American merchant website that was previously infected with the JavaScript skimmer Inter, and PFD has since identified at least sixteen additional merchant websites compromised with Pipka.”
Similar to Inter, Pipka allows configuring which fields in the target forms it will parse and extract. The skimmer software is able to capture payment account number, expiration date, CVV, and cardholder name and address, from the checkout pages of the targeted sites.
In the cases investigated by PFD, the skimmer was configured to check for the payment account number field. Data captured by the skimmer is base64 encod ..
Support the originator by clicking the read the rest link below.
