Visa Issues Alert for 'Baka' JavaScript Skimmer
2020-09-07 08:54

A JavaScript skimmer identified earlier this year uses dynamic loading to avoid detection by static malware scanners, Visa warns.

The skimmer's feature set is basic, with the expected components and functionality of such a kit (an administration panel, an exfiltration gateway, and a skimming script generator), but its design is advanced, suggesting that it is the work of a skilled developer, Visa notes in a security alert.

To further avoid detection and analysis, the skimmer removes itself from memory when it detects attempts at dynamic analysis using Developer Tools, and also once the targeted data has been successfully exfiltrated, Visa Payment Fraud Disruption says.

"To further prevent detection, Baka uses an XOR cipher to encrypt hard-coded values and obfuscate the skimming code delivered by the C2. While the use of an XOR cipher is not new, this is the first time Visa has observed its use in JavaScript skimming malware. The developer of this malware kit uses the same cipher function in the loader and the skimmer," Visa says.

In November last year, Visa published information on another JavaScript skimmer, called Pipka.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/0SysgVwCwGM/visa-issues-alert-baka-javascript-skimmer