
Pipka

Posted: November 18, 2019

JavaScript-based skimmers are becoming more common, and more and more threat actors appear to be experimenting with these simple-to-build tools. However, while creating a JavaScript skimmer is not the most challenging task, using it requires a lot of effort: the cybercriminals behind the skimmer need to compromise the security of an online merchant and then silently add the skimmer component to the checkout page, ensuring that the payment data of all customers will be harvested. Recently, VISA released a report describing a new JavaScript skimmer called Pipka. This threat is no different than other skimmers like Magecart, but it does involve a few quirks that give it the ability to stay undetected for longer.

Pipka was Found Working on a North American Online Store

Pipka was first spotted on a North American online store that had previously had problems with another skimmer, known as the Inter JavaScript skimmer. However, Pipka swiftly proved to be much more sophisticated, since it had some key abilities that helped it stay under the radar:

  • Pipka erases traces of its existence after being executed. This means that the source code of the checkout page will be free of evidence once the skimmer has taken the necessary information.
  • The data is exfiltrated via an HTML tag that has an 'onload' property added to it. The 'onload' property can be used to execute JavaScript when the tag is loaded. The crooks use this technique to exfiltrate the collected data and then trigger a piece of JavaScript code that wipes out the tag without refreshing the page. This makes the process seamless and reduces the fingerprint left behind.
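
For defenders, the self-removal described above means the static page source cannot be relied on as evidence, so the DOM has to be watched as it changes. The following added example (not code from the VISA report or from this article) flags elements that carry an onload handler and are removed shortly after insertion; the event shape, the 2-second window, and the sample tag names and URLs are assumptions constructed for illustration.

```javascript
// Flags tags that carry an onload handler and leave the DOM soon after insertion.
// Event shape {t, kind, id, tag, onload, src} is an assumption of this sketch.
function createTracker(windowMs = 2000) {
  const live = new Map(); // node id -> insertion event
  return (ev) => {
    if (ev.kind === 'added') { live.set(ev.id, ev); return null; }
    const ins = live.get(ev.id);
    if (!ins) return null; // removal of a node we never saw inserted
    live.delete(ev.id);
    const lifetimeMs = ev.t - ins.t;
    return ins.onload && lifetimeMs <= windowMs
      ? { tag: ins.tag, src: ins.src, lifetimeMs } : null;
  };
}

// Offline form: run the tracker over a recorded list of events.
function findTransientTags(events, windowMs = 2000) {
  const record = createTracker(windowMs);
  return [...events].sort((a, b) => a.t - b.t).map((e) => record(e)).filter(Boolean);
}

// Browser form: feed MutationObserver records to the tracker and report hits.
function watchDom(report, windowMs = 2000) {
  const record = createTracker(windowMs);
  const ids = new WeakMap();
  let next = 0;
  const handle = (node, kind) => {
    if (node.nodeType !== 1) return; // elements only
    if (!ids.has(node)) ids.set(node, ++next);
    const hit = record({ t: Date.now(), kind, id: ids.get(node),
      tag: node.tagName.toLowerCase(), src: node.getAttribute('src'),
      onload: typeof node.onload === 'function' });
    if (hit) report(hit);
  };
  const obs = new MutationObserver((records) => records.forEach((r) => {
    r.addedNodes.forEach((n) => handle(n, 'added'));
    r.removedNodes.forEach((n) => handle(n, 'removed'));
  }));
  obs.observe(document.documentElement, { childList: true, subtree: true });
  return obs;
}

// Constructed sample: 1 = short-lived with onload, 2 = long-lived, 3 = no handler.
const SAMPLE = [
  { t: 0, kind: 'added', id: 1, tag: 'script', onload: true, src: '/a.js' },
  { t: 100, kind: 'added', id: 2, tag: 'img', onload: true, src: '/b.png' },
  { t: 200, kind: 'added', id: 3, tag: 'div', onload: false, src: null },
  { t: 40, kind: 'removed', id: 1 }, { t: 210, kind: 'removed', id: 3 },
  { t: 9000, kind: 'removed', id: 2 },
];
```

On a checkout page, `watchDom(hit => console.warn(hit))` would need to be installed before third-party scripts run, and hits should be sent to a first-party logging endpoint for review rather than treated as proof of compromise.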

Just like other skimmers, Pipka is configurable and can be used to grab all sorts of information from the checkout page. So far, the crooks appear to focus on gathering the credit card number, expiration date, CVV, and the user's name and address. All collected data is sent as an encoded string, and the skimmer will compare the new string with the ones in its database to avoid duplicates.

As a consumer, it might be difficult to protect yourself from JavaScript skimmers since these threats are found in compromised online stores. Thankfully, they are not spread that widely, so you should not have any issues as long as you keep using the services of reputable stores that employ the latest cybersecurity practices.
