Baka has an extended design, indicating the work of an experienced malware developer.

Visa has issued a warning about a new electronic skimmer known as Baka, which deletes itself from memory after retrieving stolen data.

A new scenario of theft of credit card data was discovered by specialists as part of the Visa Payment Fraud Disruption (PFD) initiative in February 2020 while researching a C&C server that previously hosted the ImageID web skimmer kit.

In addition to the usual basic skimming features such as custom target form fields and data theft using image

requests, Baka has an advanced design indicating the work of an experienced malware developer, as well as a

unique cloaking method and loader.

“The skimmer is loaded dynamically to avoid the use of static malware scanners and uses a unique encryption

settings for each victim to hide malicious code,” Visa said in a warning.

This skimmer option avoids detection and analysis by removing itself from memory when it detects dynamic

analysis capability using developer tools or when data has been successfully deleted.

Visa specialists found Baka in several online stores in different countries. The skimmer is added to the .merchant’s checkout pages using a script tag, and its loader downloads the skimming code from the C&C server

and executes it in memory.

This allows cybercriminals to be sure that the skimming code used to collect customer data will not be

found when analyzing files located on the seller’s server or the buyer’s computer.

Baka is also the first JavaScript skimming malware detected by Visa that uses the XOR cipher to obfuscate the scan code downloaded from the C&C server and any encrypted values.

You can also buy instant:

Cashapp Money Transfer Click here

Paypal Money Transfer Click here

Western Union  Money Transfer Click here

Venmo Money Transfer Click here

Bank Money Transfer Click here to Contact Us