Sneaky New e-Payment Skimmer Avoids Security Detection
Published: November 9, 2020, in our Security Fraud News & Alerts Newsletter.
Visa’s PFD Security Alert sounded the alarm about Baka, malware that steals payment card data from e-commerce sites. What sets Baka apart from other payment skimmers is that it is designed to hide from security tools. A skimmer that can’t be detected on a payment system is a dangerous problem for e-commerce sites and their customers alike.
Once the infection takes hold, Baka is able to work undetected because it is never actually present on the targeted server. According to Visa, the Baka skimmer collects payment and other customer data and sends it to the attacker’s command and control (C&C or C2) server. The C&C server is the command center of an attack and the place where stolen data is sent back to the criminal orchestrating the theft. By staying off the victim’s server, Baka evades detection: security tools can’t act on what they can’t find.
Other Skimmer Scams
In November of last year, Visa’s eTD found another skimmer, called Pipka. Pipka was also able to evade detection, in its case by removing itself from a payment website after running. Aside from Baka and Pipka, another skimming attack has also been prominent in e-commerce. In August, the security firm Group-IB sounded the alarm about a criminal gang called UltraRank. This gang used malicious code to skim payment data and then sold the stolen data on its underground website.
Fortunately, there are security tips that e-commerce sites can follow to help mitigate damage from Baka and other powerful skimming attacks:
Securing an E-Commerce Site
Scan and test e-commerce sites regularly for malware and other vulnerabilities. Always hire a reputable provider to help secure an e-commerce site.
Require strong and unique administrator passwords and enable two-factor authentication (2FA) on administrator accounts.
Keep all software upgraded and patched to the latest version, especially the software used for shopping carts and checkout/payment pages.
Limit access, including to the administrative portal and administrative accounts, to only those who need it.
Thoroughly investigate third parties and content delivery networks that have access to the checkout/payment functions, making sure they are legitimate before partnering with them.