Visa has issued a warning about new digital skimming malware with a sophisticated design intended to circumvent detection by security tools.
The card giant said its Payment Fraud Disruption (PFD) group first discovered the “Baka” skimmer in February whilst analyzing a command and control (C2) server associated with the ImageID variant. PFD subsequently founded seven servers hosting the Baka skimming kit.
“While the skimmer itself is basic and contains the expected features offered by many e-commerce skimming kits (e.g. data exfiltration using image requests and configurable target form fields), the Baka skimming kit’s advanced design indicates it was created by a skilled developer,” it said.
“The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for each victim to obfuscate the malicious code. PFD assesses that this skimmer variant avoids detection and analysis by removing itself from memory when it detects the possibility of dynamic analysis