New “Baka” Skimmer Designed to Evade Detection: Visa

POSTED: 14th Sep

Payment card provider Visa has warned its users about a new credit card skimming malware dubbed “Baka” that can evade traditional detection methods. Visa’s Payment Fraud Disruption (PFD) division discovered the skimmer while analyzing a command and control (C2) server, and it also found seven C2 servers hosting the Baka skimming kit.

Baka: The Unique Skimmer

Along with the basic features offered by various skimming kits, the Baka skimmer has certain advanced capabilities that help it bypass security scanners. In addition, the skimmer can erase itself from memory on the victim’s device after exfiltrating data.

According to Visa’s PFD division, the skimmer performs five operations after it is injected.

  1. Generate a decryption function to decrypt the list of fields from which the skimmer will steal data.
  2. Skim the targeted fields every 100 milliseconds. When the attacker generates the skimming script for a victim, they specify which fields are targeted.
  3. Check if the skimmer found data every 100 milliseconds. This function then calls for data exfiltration and sets a flag called “this.load” indicating the skimmer successfully exfiltrated data.
  4. Check if the script should send data to the exfiltration gateway every 3 seconds. If the captured data flag is set, the exfiltration gateway URL is decrypted using the current victim merchant’s domain name as the key. The script then encodes the skimmed data into the GET parameters of the exfiltration URL.
  5. The last operation that is scheduled is a clean-up function. If data is exfiltrated, the clean-up function removes the entire skimming code from memory to avoid detection.
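
Step 4 leaves a trace defenders can look for: a GET request from the payment page to a host outside the merchant's own set, with card data in the query string. The following is an added example, not code from Visa or the original article, that scans constructed proxy log lines for that pattern. The log format, host names, allowlist and checkout path are assumptions, and it only catches values sent plain, URL-encoded or base64-encoded, since the article does not say how Baka encodes the data.

```python
import base64
import re
from urllib.parse import urlsplit, parse_qsl

ALLOWED_HOSTS = {"shop.example", "payments.example"}  # assumed merchant allowlist
CHECKOUT_PATH = "/checkout"                           # assumed payment page path
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")        # card-number-length digit run

def luhn_ok(digits):
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def decodings(value):
    """Yield the parameter value as sent and, when it decodes, as base64."""
    yield value
    try:
        raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
        yield raw.decode("utf-8", "ignore")
    except ValueError:  # binascii.Error is a ValueError subclass
        pass

def find_exfil(log_lines):
    """Return (timestamp, host) for checkout-page GETs leaking a card number."""
    hits = []
    for line in log_lines:
        ts, referer, url = line.split()
        target = urlsplit(url)
        on_checkout = CHECKOUT_PATH in urlsplit(referer).path
        if not on_checkout or target.hostname in ALLOWED_HOSTS:
            continue
        for _, value in parse_qsl(target.query):  # parse_qsl undoes URL encoding
            if any(luhn_ok(m) for text in decodings(value)
                   for m in PAN_RE.findall(text)):
                hits.append((ts, target.hostname))
                break
    return hits

# Constructed sample proxy log lines: "<time> <referer> <requested URL>"
_b64 = base64.urlsafe_b64encode(b"4111111111111111|12/25|123").decode().rstrip("=")
SAMPLE_LOG = [
    "10:00:01 https://shop.example/checkout https://payments.example/api/pay?order=1001",
    "10:00:02 https://shop.example/checkout https://stats.example/c?sid=1234567890123456",
    "10:00:04 https://shop.example/checkout https://img.example/p.gif?d=4111111111111111%7C12%2F25",
    "10:00:07 https://shop.example/checkout https://img.example/p.gif?d=" + _b64,
]
```

The 16-digit session id in the second line fails the Luhn check and is not flagged, which is why the checksum is applied before alerting.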

Read the full article from CISO Mag here.
