Pipka, the newly discovered web skimming script, can remove every trace of itself from the host website after execution, making it almost impossible to detect.
Visa's Payment Fraud Disruption (PFD) research team discovered this new skimming script on the website of a merchant located in North America; the website had previously been infected with Inter, another popular card skimmer. On further investigation, the team uncovered about 16 other merchant websites that are also infected with Pipka.
Web payment skimming attacks have been popular lately, owing to the rise of Magecart, whose shopping cart skimmers attacked over a dozen retailers. But despite running the same skimmer, these groups used different techniques and methods to inject the malicious script into targeted sites.
What is Web Skimming?
Web skimming is the theft of card details from eCommerce sites through malicious scripts injected into the websites. The scripts are injected into the retailer's checkout pages to steal credit card information as customers enter their card details when purchasing an item.
Some notable skimming attacks were those waged by Magecart, an umbrella organization made up of a dozen groups that have been targeting the e-commerce sites of several major organizations, including Ticketmaster and British Airways, over the past 12 months.
In the cases involving Magecart, according to security researchers, the attackers re-injected the malicious script into retailers' checkout websites even after being detected by the security teams.
How is Pipka different from Magecart?
Unlike Magecart, Pipka is very customizable, allowing attackers to configure exactly which form fields they target for data theft. The stolen data is stored as a cookie in encrypted form, which is then exfiltrated to the attackers' command-and-control server.
The attackers can even target two-step checkout pages by configuring fields for both the billing data and the payment account data. Most interesting is its ability to remove all traces by deleting itself from the webpage after execution.
How to Protect Your e-Commerce site from Pipka
Website administrators are advised to add recurring checks in eCommerce environments for communications with any known skimmers' command-and-control servers, to regularly scan their websites for malware, and to vet the content delivery networks and any other third-party code loaded by partners onto their websites.
Other measures are to ensure the shopping cart software is up to date and patched, to use strong passwords, to limit access to the administrative portal, and to use an external checkout solution.
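One way to run the recurring check for known command-and-control hosts and unvetted third-party code is sketched below. This is an added example, not code from Visa or from the original article. It audits the HTML a checkout page serves and reports every external host the page would make a browser contact. The host names, list contents and function names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample values; a real deployment loads these from threat intel
# feeds and from the site's own inventory of approved third parties.
KNOWN_C2_HOSTS = {"skimmer-c2.example"}
APPROVED_HOSTS = {"shop.example", "cdn.partner.example"}

# Tag -> attribute that makes the browser contact another host.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src",
             "link": "href", "form": "action"}

class HostCollector(HTMLParser):
    """Collect (tag, host) pairs for every absolute URL a page references."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                host = urlparse(value).hostname  # None for relative URLs
                if host:
                    self.refs.append((tag, host.lower()))

def audit_page(html):
    """Return findings: known C2 hosts and hosts not on the approved list."""
    collector = HostCollector()
    collector.feed(html)
    findings = {"known_c2": [], "unapproved": []}
    for tag, host in collector.refs:
        if host in KNOWN_C2_HOSTS:
            findings["known_c2"].append((tag, host))
        elif host not in APPROVED_HOSTS:
            findings["unapproved"].append((tag, host))
    return findings

# Constructed checkout page fragment for demonstration.
SAMPLE_PAGE = """
<script src="https://cdn.partner.example/cart.js"></script>
<script src="//skimmer-c2.example/a.js"></script>
<img src="https://stats.unknown.example/p.gif">
<form action="/checkout/pay"><input name="cardnumber"></form>
"""

if __name__ == "__main__":
    print(audit_page(SAMPLE_PAGE))
```

Run it on a schedule against each checkout step and alert on any `known_c2` entry; `unapproved` entries are the third-party hosts that still need vetting.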