Baka electronic skimmer can delete itself after data theft
Baka electronic skimmer
Baka has an extended design, indicating the work of an experienced malware developer.
Visa has issued a warning about a new electronic skimmer known as Baka, which deletes itself from memory after retrieving stolen data.
A new scenario of theft of credit card data was discovered by specialists as part of the Visa Payment Fraud Disruption (PFD) initiative in February 2020 while researching a C&C server that previously hosted the ImageID web skimmer kit.
In addition to the usual basic skimming features such as custom target form fields and data theft using image
unique cloaking method and loader.
“The skimmer is loaded dynamically to avoid the use of static malware scanners and uses a unique encryption
settings for each victim to hide malicious code,” Visa said in a warning.
This skimmer option avoids detection and analysis by removing itself from memory when it detects dynamic
analysis capability using developer tools or when data has been successfully deleted.
Visa specialists found Baka in several online stores in different countries. The skimmer is added to the .merchant’s checkout pages using a script tag, and its loader downloads the skimming code from the C&C server
and executes it in memory.
This allows cybercriminals to be sure that the skimming code used to collect customer data will not be
found when analyzing files located on the seller’s server or the buyer’s computer.
Baka is also the first JavaScript skimming malware detected by Visa that uses the XOR cipher to obfuscate the scan code downloaded from the C&C server and any encrypted values.
You can also buy instant:
Cashapp Money Transfer Click here
Paypal Money Transfer Click here
Western Union Money Transfer Click here
Venmo Money Transfer Click here
Bank Money Transfer Click here to Contact Us