Media and Entertainment

New JavaScript Skimmer has Anti-Forensics Feature

12 - 18 November 2019

A new JavaScript payment card skimmer dubbed Pipka has added anti-forensics feature to evade detection.

A new JavaScript payment card skimmer dubbed Pipka has added anti-forensics feature to evade detection. Pipka has the ability to remove itself from the HTML code of the compromised website after successfully execution. The self-removal routine makes it difficult for website administrators to spot the code when visiting the compromised payment page. E-commerce site administrators are encouraged to add recurring checks for suspicious outbound traffic to command and control servers used by skimmers. They should also perform regular vulnerabilities assessment to close security gaps and ensure that software and services are up-to-date. 

References:

New JavaScript Skimmer ‘Pipka’ Targeting eCommerce Merchants Identified (PDF)

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence