Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

https://firewall.firm.in/wp-content/uploads/2024/10/shopping.png

Oct 10, 2024Ravie LakshmananCybercrime / Malware

Mongolian Skimmer

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer.

“At first glance, the thing that stood out was the script’s obfuscation, which seemed a bit bizarre because of all the accented characters,” Jscrambler researchers said in an analysis. “The heavy use of Unicode characters, many of them invisible, does make the code very hard to read for humans.”

The script, at its core, has been found to leverage JavaScript’s capability to use any Unicode character in identifiers to hide the malicious functionality.

Cybersecurity

The end goal of the malware is to steal sensitive data entered on e-commerce checkout or admin pages, including financial information, which are then exfiltrated to an attacker-controlled server.

The skimmer, which typically manifests in the form of an inline script on compromised sites that fetches the actual payload from an external server, also attempts to evade analysis and debugging efforts by disabling certain functions when a web browser’s developer tools is opened.

“The skimmer uses well-known techniques to ensure compatibility across different browsers by employing both modern and legacy event-handling techniques,” Jscrambler’s Pedro Fortuna said. “This guarantees it can target a wide range of users, regardless of their browser version.”

Mongolian Skimmer

The client-side protection and compliance company said it also observed what it described as an “unusual” loader variant that loads the skimmer script only in instances where user interaction events such as scrolling, mouse movements, and touchstart are detected.

This technique, it added, could serve both as an effective anti-bot measure and a way to ensure that the loading of the skimmer is not causing performance bottlenecks.

One of the Magento sites compromised to deliver the Mongolian skimmer is also said to have targeted by a separate skimmer actor, with the two activity clusters leveraging source code comments to interact with each other and divide the profits.

Cybersecurity

“50/50 maybe?,” remarked one of the threat actors on September 24, 2024. Three days later, the other group responded: “I agree 50/50, you can add your code :)”

Then on September 30, the first threat actor replied back, stating “Alright ) so how can I contact you though? U have acc on exploit? [sic],” likely referring to the Exploit cybercrime forum.

“The obfuscation techniques found on this skimmer may have looked to the untrained eye as a new obfuscation method, but that was not the case,” Fortuna noted. “It used old techniques to appear more obfuscated, but they are just as easy to reverse.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket