
Baka Skimmer

Posted: September 8, 2020

Credit card skimmers used to be specialized malware crafted to work on particular Point-of-Sale (PoS) devices or automated teller machines. However, as online shopping grew in popularity, cybercriminals found digital credit card skimmers to be a viable project, which gave rise to threats like the newly identified Baka Skimmer. The threat, first reported by VISA, is a digital skimmer that uses advanced tricks to evade automatic security tools and malware detection software.

According to the report published by VISA's cybersecurity team, the Baka Skimmer was discovered while they were researching the network infrastructure of another infamous skimmer called ImageID JS-sniffer. Both threats appeared to share the same Command and Control servers, but the Baka Skimmer caught their attention because of the large number of anti-detection and evasion techniques it employs. Clearly, the malware is a product of highly skilled and experienced developers.

Baka Skimmer Can Operate from Memory to Evade Detection

In terms of functionality, the Baka Skimmer does not bring any innovations: its operators need to compromise a website's security to plant the malicious code on the payment page that future customers will use. The payment data and information skimmed from the compromised payment page are then transferred to the control server via specially crafted images and network requests.

One of Baka Skimmer's unique self-preservation features is its ability to start operating from memory if it identifies any malware analysis or developer tools being launched on the compromised host. Online merchants should keep their websites and customers safe by applying the latest updates to all Internet-connected software and services, and by ensuring that their website's security is up to today's standards.
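Because the skimmed data leaves the payment page through image and other network requests, a merchant can audit which hosts a checkout page actually contacts. The following is an added example, not code from VISA's report or from this page: the host allowlist, the query-length threshold, the function names and the sample entries are all assumptions constructed for illustration, and the entry shape follows the browser's Resource Timing entries (`name`, `initiatorType`).

```javascript
// Added example: flag checkout-page requests that go to unexpected hosts,
// and image requests that carry an unusually large query string.
// Hosts, threshold and sample entries below are constructed, not from the report.
const ALLOWED_HOSTS = new Set(["shop.example", "cdn.shop.example", "pay.example"]);
const MAX_IMAGE_QUERY_CHARS = 64; // assumed cut-off for a normal image query string

// Each entry: { name: <request URL>, initiatorType: <"img" | "script" | "fetch" | ...> }
function auditCheckoutRequests(entries, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const entry of entries) {
    let url;
    try {
      url = new URL(entry.name);
    } catch {
      // A request we cannot parse is itself worth a manual look.
      findings.push({ name: entry.name, reasons: ["unparseable-url"] });
      continue;
    }
    const reasons = [];
    if (!allowedHosts.has(url.hostname)) {
      reasons.push("host-not-allowlisted");
    }
    // Images normally need little or no query data; a long one can hide a payload.
    if (entry.initiatorType === "img" && url.search.length > MAX_IMAGE_QUERY_CHARS) {
      reasons.push("image-request-with-large-query");
    }
    if (reasons.length > 0) findings.push({ name: entry.name, reasons });
  }
  return findings;
}

// Constructed sample of what a checkout page might load.
const SAMPLE_ENTRIES = [
  { name: "https://shop.example/static/checkout.js", initiatorType: "script" },
  { name: "https://cdn.shop.example/img/banner.png?v=3", initiatorType: "img" },
  { name: "https://pay.example/api/tokenize", initiatorType: "fetch" },
  { name: "https://stats.invalid/p.gif?d=" + "A".repeat(80), initiatorType: "img" },
  { name: "https://metrics.invalid/collect", initiatorType: "xmlhttprequest" },
];

for (const finding of auditCheckoutRequests(SAMPLE_ENTRIES)) {
  console.log(finding.reasons.join(", "), "->", finding.name);
}
```

In a browser, the same function can be given `performance.getEntriesByType("resource")` collected on the payment page, with `ALLOWED_HOSTS` replaced by the hosts the merchant actually expects.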
