
Rocket Loader Skimmer

Posted: March 11, 2020

The Rocket Loader Skimmer is a new JavaScript-based skimmer that appears to share many similarities with the skimmers used by the Magecart gang. Although the Rocket Loader Skimmer does not use any notable techniques to exfiltrate the payment details of its victims, it hides its components with a rather interesting trick: its authors have opted to disguise it as 'Rocket Loader,' a service that Cloudflare uses to speed up the loading times of its customers' websites.

The fake 'Rocket Loader' script is loaded alongside the original one, and the attackers use a clever and innovative trick to make the source of the script look legitimate: they host the malicious file on the domain 'http.ps'. This way, the user might see the URL 'http.ps//ajax.cloudflare.com/' in their Web browser. Because the domain mimics the 'HTTPS' scheme, users may be left with the impression that this is a legitimate script. In reality, the bogus URL would look like this: 'http://http.ps//ajax.cloudflare.com/'. The host that is actually contacted is 'http.ps', and 'ajax.cloudflare.com' is only part of the path.
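A store owner can check for this kind of lookalike by resolving every script source the way a browser does and comparing the real host with what the URL appears to say. The following is an added example, not code from the skimmer or from Cloudflare; the trusted-host list, the sample HTML, the file names and the page URL 'https://shop.example/checkout' are constructed for illustration.

```javascript
// Constructed inputs: one genuine-looking include, one lookalike, one local script.
const TRUSTED_HOSTS = ["ajax.cloudflare.com"];
const SAMPLE_HTML = `
<script src="https://ajax.cloudflare.com/loader.js"></script>
<script src="http://http.ps//ajax.cloudflare.com/loader.js"></script>
<script src="/static/app.js"></script>`;

// Host labels that read like a URL scheme when they lead a domain name.
const SCHEME_WORDS = new Set(["http", "https"]);

// Pull src attributes out of <script> tags (simple regex, enough for an audit pass).
function extractScriptSrcs(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Resolve each src against the page URL and report why it is suspicious.
function auditScriptSources(html, pageUrl, trustedHosts) {
  const findings = [];
  for (const src of extractScriptSrcs(html)) {
    let url;
    try { url = new URL(src, pageUrl); } catch { continue; } // skip unparsable values
    const host = url.hostname.toLowerCase();
    const reasons = [];
    // Rule 1: the real host starts with a label that looks like a scheme (http.ps).
    if (SCHEME_WORDS.has(host.split(".")[0])) reasons.push("scheme-lookalike-host");
    // Rule 2: a trusted host name appears as a path segment, but is not the real host.
    const segments = url.pathname.toLowerCase().split("/");
    for (const t of trustedHosts) {
      if (host !== t && segments.includes(t)) reasons.push("trusted-name-in-path:" + t);
    }
    if (reasons.length) findings.push({ src, host, reasons });
  }
  return findings;
}

console.log(auditScriptSources(SAMPLE_HTML, "https://shop.example/checkout", TRUSTED_HOSTS));
```

Only the second script tag is reported: its real host is 'http.ps', while the trusted name sits in the path.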

A Magecart-Related Skimmer Tries to Impersonate a Cloudflare Service

JavaScript skimmers are exceptionally dangerous because their authors plant them on hacked online stores and markets that may be used by hundreds of users. Neither the customers nor the owners of the store are likely to notice the malicious behavior that takes place in the background, and this may allow the Rocket Loader Skimmer's operators to collect the payment information of hundreds of users before being caught. The Rocket Loader Skimmer, in particular, is available in English and Portuguese versions, and it works by silently collecting the payment and personal information that customers enter when they attempt to complete their purchase from the hacked online store. The customers' checkout will be completed without a hitch, and they are unlikely to spot anything out of the ordinary.

To protect yourself from online skimming attacks, we advise you to use trustworthy and reputable online stores that take their website's security seriously.
