Rewterz Threat Alert – Azorult Malware – Active IoCs
November 18, 2019Rewterz Threat Advisory – CVE-2019-13945 – ICS: Undocumented access feature in Siemens SIMATIC PLCs Code Execution Vulnerability
November 18, 2019Severity
Medium
Analysis summary
Security researchers at Visa have uncovered a new type of JavaScript skimmer that has infected the online checkout pages for at least 17 ecommerce websites in an effort to steal payment card data. This newly discovered skimmer, dubbed “Pipka,” has the ability to remove itself from the HTML of a compromised payment website after it executes, enabling it to avoid security detection, according to the Visa researchers.
After first finding Pipka, the Visa researchers discovered the skimmer on at least 16 other online checkout pages at ecommerce sites. As with other skimmers, Pipka is designed to extract payment card account number, expiration date, card verification value number, cardholder name and address.
The creators of Pipka incorporated the self-removal technique as an extra layer of defense against security software. And while this type of avoidance technique has been spotted with desktop malware, it has not been previously incorporated into JavaScript skimmers.
Impact
Financial loss
Remediation
- Ensure the e shopping cart, other services, and all software are upgraded or patched regularly.
- Scan and test for vulnerabilities or malware regularly.
- Implementation of best practices for securing e commerce.