"Web Payment Card Skimmers Add Anti-Forensics Capabilities"

Researchers from Visa's Payment Fraud Disruption (PFD) team have found a new JavaScript-based payment card skimmer, dubbed Pipka, which has affected 16 e-commerce websites. Web skimming refers to the injection of malicious scripts into online merchant sites to steal payment card information. Web skimming attacks are usually performed by inserting malicious scripts into checkout pages where users enter their payment card information. Pipka differs from another web skimmer, called Magecart, in that it is customizable, allowing attackers to set the skimmer's targeted form fields from which they want data to be stolen. In addition to other features that sets Pipka apart from Magecart, the new web skimmer is capable of deleting itself from a web page's source code after it has been executed. This article continues to discuss the concept of web skimming, known skimmers such as Magecart, the capabilities of Pipka, and suggested mitigation measures against this attack.

CSO Online reports "Web Payment Card Skimmers Add Anti-Forensics Capabilities"