Web payment card skimmers add anti-forensics capabilities

Researchers have detected compromises on ecommerce sites with a new JavaScript-based payment card skimmer that uses anti-forensics techniques, including the ability to remove itself from the web page's code after execution. Dubbed Pipka, the malicious script was found by researchers from Visa's Payment Fraud Disruption (PFD) team on the site of a North American merchant that had been previously infected with a different skimmer called Inter. Further investigation uncovered another 16 online merchant sites infected with Pipka.

The new threat on the block

Web skimming is the theft of payment card details from ecommerce websites through malicious scripts injected into them. The scripts are typically injected into the checkout pages to siphon off card information as it is entered by buyers into web forms.

This type of attack has become popular over the past few years, with the rise of one particular skimmer called Magecart that over a dozen groups use. Despite using the same skimmer, these groups employ different techniques and methods to inject their malicious code into websites and keep it hidden.

Some exploit known vulnerabilities. Others compromise legitimate third-party scripts that are loaded into websites, like those for web analytics services, and there is evidence that some groups are compromising routers used to set up Wi-Fi hotspots in airports and other public spaces to inject their code into legitimate traffic.

Researchers have even found evidence that links some of the Magecart groups with sophisticated cybercrime groups like Cobalt and FIN6 that have historically targeted the infrastructure of banks and retailers. This suggests web skimming is profitable enough to be on the radar of well-established criminal gangs that have already stolen hundreds of millions of dollars from organizations worldwide.

It is no surprise, then, that other web skimmers like Inter and now Pipka have started to appear to compete with Magecart, and that some of them have started to be sold as commodities on underground markets. With no shortage of methods of compromising websites, researchers expect that web skimming attacks will continue.

What makes Pipka different

According to Visa PFD's analysis, Pipka is customizable: attackers can configure which form fields they want to steal data from. The stolen data is stored in a cookie in encrypted form and is then exfiltrated to a command-and-control server.

The skimmer can target two-step checkout pages by having configurable fields for both billing data and payment account data. Its most interesting feature, however, is its ability to delete itself from the page after successful execution.

"When the skimmer executes, on script load, it calls the start function which calls the clear function and sets the skimmer to look for data every second," the Visa researchers said in their security alert. "The clear function locates the skimmer's script tag on the page and removes it. Since this happens immediately after the script loads, it is difficult for analysts or website administrators to spot the code when visiting the page."

This type of self-removal routine has been used in desktop malware, but this is the first time it's been observed in web skimmers, which marks "a significant development" in this type of attack, the Visa researchers said.
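
The self-removal behaviour described above can be watched for from the defender's side. The following is an added example, not code from Visa's alert or from the original article: a MutationObserver-based tracker that records script elements removed from the DOM shortly after they were inserted. The function name, the 5-second window and the record shape used to drive it outside a browser are assumptions.

```javascript
// Added example (not from the Visa alert). Names and the 5 s window are assumptions.
const WINDOW_MS = 5000;

function createScriptRemovalTracker(now = () => Date.now(), windowMs = WINDOW_MS) {
  const seen = new Map(); // script node -> { src, inlineLength, addedAt }
  const findings = [];
  const isScript = (n) => Boolean(n) && n.nodeName === 'SCRIPT';
  const describe = (n) => ({
    src: n.src || null,
    inlineLength: (n.textContent || '').length,
  });

  // Process a batch of MutationRecord-like objects and return all findings so far.
  function handle(records) {
    for (const rec of records) {
      for (const n of rec.addedNodes || []) {
        if (isScript(n)) seen.set(n, { ...describe(n), addedAt: now() });
      }
      for (const n of rec.removedNodes || []) {
        if (!isScript(n)) continue;
        // A script that was never seen being added was already in the page
        // when observation started; its removal is reported with a null lifetime.
        const info = seen.get(n) || { ...describe(n), addedAt: null };
        const lifetimeMs = info.addedAt === null ? null : now() - info.addedAt;
        if (lifetimeMs === null || lifetimeMs <= windowMs) {
          findings.push({ src: info.src, inlineLength: info.inlineLength, lifetimeMs });
        }
        seen.delete(n);
      }
    }
    return findings;
  }
  return { handle, findings };
}

// Browser wiring: load this before any other script so early removals are seen.
// Only direct removals of <script> nodes are caught, not removal of a parent.
if (typeof MutationObserver !== 'undefined' && typeof document !== 'undefined') {
  const tracker = createScriptRemovalTracker();
  new MutationObserver((records) => {
    const before = tracker.findings.length;
    tracker.handle(records);
    for (const f of tracker.findings.slice(before)) {
      console.warn('script element removed after load', f);
    }
  }).observe(document.documentElement, { childList: true, subtree: true });
}
```

Some legitimate scripts (JSONP helpers, tag loaders) also remove their own tag, so findings are candidates for review rather than verdicts.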

Mitigation measures

Visa PFD advises administrators to add recurring checks in their ecommerce environments for communications with known command-and-control servers used by skimmers; to regularly scan their sites for vulnerabilities or malware; to vet their content delivery networks and the third-party code loaded by partners into their websites; to ensure their shopping cart software and other services are up to date and patched; to use strong administrative passwords and limit access to the administrative portal; and to consider using an external checkout solution where customers enter their payment details on another webpage instead of the merchant's site.

This story, "Web payment card skimmers add anti-forensics capabilities" was originally published by CSO.