Pipka - A New Skimmer Targets the payment card details from E-commerce Websites

A new JavaScript payment card-skimmer is found by the security researchers that is named as Pipka. The malware was first found on a website of North American merchant in September 2019 by the Visa's Payment Fraud Disruption Group security researchers. And later the security researchers found the same malware in almost sixteen e-commerce sites.

The major motive of the malware is to evade detection by removing itself from the HTML code of a compromised website after it successfully executes.

After initial execution, the Pipka is not present within the HTML code and this is why it has a unique ability to evade its detection. The hackers were directly injecting Pipka into different locations on e-commerce sites. And this malware was especially targetting only the e-commerce sites. The hackers are using the Pipka malware to steal the payment card details of the users from the e-commerce sites.

The details consist of cardholder numbers, payment card account numbers, expiration dates, CVV numbers, and other several sensitive data.

The malware is capable of collecting billing data on one page and payment account data on another. A cipher ROT13 is used to encode and encrypt the base64 that is harvested data and later it is stored in a cookie for exfiltration. The researchers have advised the e-commerce website users to regularly scam and test their websites for vulnerabilities or malware and also to limit access to the administrative portal. It is also advisable to keep all your shopping carts and other online sites to keep upgraded.