Inter
Skimming used to be a crime that targeted Automated Teller Machines (ATMs) exclusively – the criminals behind these operations would add a difficult-to-notice hardware piece to the ATM, and it would enable them to collect the credit card data of every customer that opted to use the booby-trapped ATM. However, the past few years of cybercrime has shown us that there is skimming on the horizon – the online skimming. Online skimmers are usually small pieces of JavaScript code that get inserted into the checkout page of a hacked website. This does not make any obvious changes to the site's functionality and layout, but it does enable the criminals behind the attack to store the payment details of all of the store customers silently. Magecart was one of the first major online skimming operations to be discovered by malware researchers, but it seems that other threat actors are experimenting with this interesting attack type. The latest JavaScript-based skimmer goes by the name 'Inter,' and it appears to fall in the so-called 'commodity malware' category – this means that it is being sold freely to anyone willing to pay the price.
The Commodity JavaScript Skimmer Goes on Sale for $1,300
Allegedly, the Inter JavaScript skimmer is being sold for around $1,300, and all buyers get access to all of the threat's features. Of course, they get just the skimming script – this means that they will still need to find a vulnerable website that can be manipulated to include the Inter skimmer.
It appears that the Inter JavaScript skimmer contains several modules that serve similar purposes. The first one is a loader whose purpose is to ensure that the skimmer loads correctly – it uses a popular anti-debugging tool to prevent the skimmer from launching in controlled environments used for malware debugging. The loader also performs checks every 0.5 seconds to see if the page has loaded fully, and only begins loading the skimmer's code if this requirement is met.
The Inter Skimmer can Scrape Credit Card Data or Display Fake Payment Forms
After running, the Inter JavaScript skimmer can use two tricks to obtain sensitive information from the checkout page – it can collect the form data found in HTML tags like 'input,' 'select' and 'textarea.' An alternative method it uses to obtain credit card details is to insert a fake payment form that the victim is asked to fill out. Of course, all the contents from the latter form will not be used to complete the payment and, instead, it will be transferred to the attacker's server. According to the advertisements for the Inter JavaScript skimmer, it supports 18 big payment vendors, but its developers promise to expand its list of features and supported payment vendors continuously.
The Inter JavaScript skimmer has a rather big price tag, so many cybercriminals may opt to stay away from it. However, you can rest assured that some high-profile threat actors are likely to have obtained copies of the Inter skimmer already, and might be waiting for an opportunity to use them in a threatening campaign. Since this online skimmer targets online vendors exclusively, it is recommended to protect your payment details by sticking to using legitimate and reputable online marketplaces.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.