Credit card skimmers are a constant source of headaches for e-commerce websites, online merchants, financial institutions, and their customers alike. Skimming is a lucrative source of income for threat actors. One such credit card skimming service is gaining popularity among low-skilled threat actors. 

Diving into details

Threat intel provider DomainTools discovered the new skimmer-as-a-service Caramel that is operated by CaramelCorp, a Russian cybercrime organization. The service is being sold only to Russian-speaking hackers and uses a vetting process to reject those who are inexperienced. The kit includes a skimmer script, a campaign management panel, and deployment instructions. 

Benefits offered

  • The lifetime subscription is being sold for $2,000 and offers anti-detection solutions, code upgrades, and complete customer care support to Russian-speaking hackers.  
  • The buyers are, furthermore, provided a quick start guide on JavaScript methods, specially tailored for content management systems. The guide focuses on less technically adept buyers.
  • As the scripts are written in JavaScript, Caramel includes a variety of obfuscation techniques to evade detection. 
  • A campaign administration panel enables the malware operator to keep an eye on infected e-stores and manage gateways for stolen data reception. 

Why this matters

Credit card skimming has a high success rate and requires less effort as compared to complicated attack vectors, leading to a rise in such activity. Following are the factors adding to the growth of this trend among cybercriminals.
  • Ecommerce websites are often vulnerable, easy to detect all at once, and lack dedicated security teams. 
  • JavaScript injection is relatively easy to perform, along with the use of other tools and services offered by cybercriminal forums. 
  • Abusing and dumping stolen data is easier and cheaper than other forms of fraud and can build the foundation for targeted attacks in the future. 
  • Skimming attacks can adapt to counter defenses with anti-analysis and sophisticated obfuscation tactics. 

The bottom line

Continual marketing and development have made Caramel a popular fixture in the underground market. While card skimming campaigns are nothing new, this skimmer-as-a-service boasts extensive features that remove the barrier to conducting large-scale campaigns. This indicates that skimming campaigns may witness a rise in the future and the way to stay safe is by implementing charging limits and preferring online payment systems instead of cards.
Cyware Publisher