Researchers have found a new e-commerce skimmer designed to steal payment card details that can also remove itself after exfiltrating the stolen data. Named Baka, the malware was discovered in February of 2020 while Visa was examining a command and control (C2) server that previously hosted an ImageID web skimming kit. Visa believes Baka was designed by a skilled malware developer: in addition to the usual features, such as configurable target form fields and data exfiltration using image requests, it has an advanced design with unique obfuscation methods and loader. The team at Visa stated, “this skimmer variant avoids detection and analysis by removing itself from memory when it detects the possibility of dynamic analysis with Developer Tools or when data has been successfully exfiltrated.” Visa detected Baka on seven different domains in several countries.