Visa warns of new Baka credit card JavaScript skimmer

September 6, 2020 by bartez64

Visa issued a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data.

The credit card stealing script was discovered by researchers with Visa’s Payment Fraud Disruption (PFD) initiative in February 2020 while examining a command and control (C2) server that previously hosted an ImageID web skimming kit.

Last year, Visa discovered another JavaScript web skimmer known as Pipka that quickly spread to the online stores of “at least sixteen additional merchant websites” after being initially spotted on the e-commerce site of North American organizations in September 2019.

Evades detection and analysis

Beyond standard skimming features such as configurable target form fields and data exfiltration via image requests, Baka has an advanced design that points to a skilled malware developer, and it comes with a unique obfuscation method and loader.

“The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for each victim to obfuscate the malicious code,” Visa’s alert reads.

“PFD assesses that this skimmer variant avoids detection and analysis by removing itself from memory when it detects the possibility of dynamic analysis with Developer Tools or when data has been successfully exfiltrated.”

Baka was detected by Visa on multiple online stores from several countries and it was observed while being injected onto compromised e-commerce stores from the jquery-cycle[.]com, b-metric[.]com, apienclave[.]com, quicdn[.]com, apisquere[.]com, ordercheck[.]online, and pridecdn[.]com domains.

Baka exfiltration code (Visa)

Camouflaged as page rendering code

The skimmer is being added to merchants’ checkout pages using a script tag and its loader will download the skimming code from the C2 server and execute it in memory.

This allows the attackers to make sure that the skimming code used to harvest the customers’ data isn’t found while analyzing files hosted on the merchant’s server or the customer’s computer.

“The skimming payload decrypts to JavaScript written to resemble code that would be used to render pages dynamically,” Visa explained.

“The same encryption method as seen with the loader is used for the payload. Once executed, the skimmer captures the payment data from the checkout form.”

Baka is also the first JavaScript skimming malware spotted by Visa to use an XOR cipher to obfuscate the skimming code downloaded from the C2 and any hard-coded values.

Baka loader (Visa)

Best practices and mitigation measures

Visa recommends that member financial institutions, e-commerce merchants, service providers, third-party vendors, and integrator resellers refer to its What to do if Compromised (WTDIC) document for guidance if their payment systems are compromised.

The company also shared the list of best practices for securing e-commerce platforms as outlined by the PCI Security Standards Council.

Additionally, Visa provides this list of mitigation actions that should prevent threat actors from compromising online stores to deploy JavaScript payment card skimming scripts:

• Institute recurring checks in eCommerce environments for communications with the C2s.
• Ensure familiarity and vigilance with code integrated into eCommerce environments via service providers.
• Closely vet utilized Content Delivery Networks (CDN) and other third-party resources.
• Regularly scan and test eCommerce sites for vulnerabilities or malware. Hire a trusted professional or service provider with a reputation of security to secure the eCommerce environment. Ask questions and require a thorough report. Trust, but verify the steps taken by the company you hire.
• Regularly ensure shopping cart, other services, and all software are upgraded or patched to the latest versions to keep attackers out. Set up a Web Application Firewall to block suspicious and malicious requests from reaching the website. There are options that are free, simple to use, and practical for small merchants.
• Limit access to the administrative portal and accounts to those who need them.
• Require strong administrative passwords (use a password manager for best results) and enable two-factor authentication.
• Consider using a fully hosted checkout solution where customers enter their payment details on another webpage hosted by that checkout solution, separate from the merchant’s site. This is the most secure way to protect the merchant and their customers from eCommerce skimming malware.
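
One way to automate the first and third items above (recurring checks for the reported C2s and vetting of third-party script sources), shown as an added example that is not from Visa's alert or the original article. It audits the script tags in a checkout page's HTML against the domains listed earlier and a merchant-maintained allowlist; the function names, the allowlist, and the sample page are assumptions constructed for illustration.

```javascript
// Domains the article lists as serving the Baka loader, stored defanged and
// refanged only in memory for comparison.
const BAKA_IOC_DOMAINS = [
  "jquery-cycle[.]com", "b-metric[.]com", "apienclave[.]com", "quicdn[.]com",
  "apisquere[.]com", "ordercheck[.]online", "pridecdn[.]com",
].map((d) => d.replace(/\[\.\]/g, "."));

// True when host is the domain itself or any subdomain of it.
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Collect the hostnames of every <script src=...> in the HTML, resolving
// relative and protocol-relative URLs against the page URL.
function scriptHosts(html, pageUrl) {
  const hosts = [];
  const re = /<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = m[1] ?? m[2] ?? m[3];
    try {
      hosts.push(new URL(src, pageUrl).hostname.toLowerCase());
    } catch { /* src that cannot be parsed as a URL is skipped */ }
  }
  return hosts;
}

// Flag script hosts that match a reported Baka domain, or that are neither
// the merchant's own host nor on the vetted allowlist (hypothetical input).
function auditCheckoutPage(html, pageUrl, allowedHosts) {
  const own = new URL(pageUrl).hostname.toLowerCase();
  const findings = [];
  for (const host of new Set(scriptHosts(html, pageUrl))) {
    if (BAKA_IOC_DOMAINS.some((d) => hostMatches(host, d))) {
      findings.push({ host, verdict: "known-baka-domain" });
    } else if (host !== own && !allowedHosts.some((a) => hostMatches(host, a))) {
      findings.push({ host, verdict: "unvetted-third-party" });
    }
  }
  return findings;
}

// Constructed sample checkout page (not real merchant HTML).
const SAMPLE_HTML = `
<script src="/static/cart.js"></script>
<script src="https://js.payments.example/v3/sdk.js"></script>
<script async src='//cdn.${BAKA_IOC_DOMAINS[0]}/lib.js'></script>
<script src=https://widgets.unknown-cdn.example/w.js></script>`;
```

Because the skimming payload is fetched and run in memory, a check of served HTML like this one can only surface the loader's script tag, so it complements rather than replaces monitoring of outbound requests from the checkout page.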
