Hire a trusted professional or service provider with a reputation of security to secure the eCommerce environment. Regularly scan and test eCommerce sites for vulnerabilities or malware.Closely vet utilized Content Delivery Networks (CDN) and other third-party resources.
The skimmer is being added to merchants’ checkout pages using a script tag and its loader will download the skimming code from the C2 server and execute it in memory. Baka exfiltration code ( Visa) Camouflaged as page rendering code “PFD assesses that this skimmer variant avoids detection and analysis by removing itself from memory when it detects the possibility of dynamic analysis with Developer Tools or when data has been successfully exfiltrated.”īaka was detected by Visa on multiple online stores from several countries and it was observed while being injected onto compromised e-commerce stores from the jquery-cyclecom, b-metriccom, apienclavecom, quicdncom, apisquerecom, ordercheckonline, and pridecdncom domains. “The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for each victim to obfuscate the malicious code,” Visa’s alert reads. Evades detection and analysisīesides the regular basic skimming features like configurable target form fields and data exfiltration using image requests, Baka features an advanced design indicating that it is the work of a skilled malware developer and it also comes with a unique obfuscation method and loader. Last year, Visa discovered another JavaScript web skimmer known as Pipka that quickly spread to the online stores of “at least sixteen additional merchant websites” after being initially spotted on the e-commerce site of North American organizations in September 2019. The credit card stealing script was discovered by researchers with Visa’s Payment Fraud Disruption (PFD) initiative in February 2020 while examining a command and control (C2) server that previously hosted an ImageID web skimming kit.
Visa issued a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data.