Caramel credit card theft service is growing in popularity


A credit card theft service is growing in popularity, allowing any low-skilled threat actor an easy, automated way to get started in the world of financial fraud.

Credit card skimmers are malicious scripts injected into hacked e-commerce websites that silently wait for customers to make a purchase on the site.

Once a purchase is made, these malicious scripts steal credit card details and send them to remote servers for attackers to collect.

Threat actors then use these cards to make their own online purchases or sell credit card details on dark web markets to other threat actors for as little as a few dollars.

Caramel skimmer as a service

The new service was discovered by DomainTools, which claims that the platform is operated by a Russian cybercrime organization called “CaramelCorp”.

This service provides subscribers with a skimmer script, deployment instructions, and a campaign management dashboard, which is everything a threat actor needs to launch their own credit card theft campaign.

The Caramel service only sells to Russian-speaking threat actors, using an initial screening process that excludes those who use machine translation or have no experience in this field.

A lifetime subscription costs $2,000, which isn’t cheap for budding threat actors, but promises Russian-speaking hackers full customer support, code updates, and evolving anti-detection measures.

Caramel skimmer deployed at a site in Nigeria (DomainTools)

Vendors make unverified claims that Caramel can bypass protection services from Cloudflare, Akamai, Incapsula, and others.

Buyers receive a “quick start” guide to JavaScript methods that work particularly well on specific CMSs (content management systems).

Because credit card theft scripts are written in JavaScript, Caramel offers subscribers a variety of obfuscation techniques to avoid easy detection.

The Caramel JS obfuscator tool (DomainTools)

Collection of credit card data is done through the “setInterval()” method, which extracts data at fixed intervals. Although this does not seem to be an effective method, it can help steal details even from abandoned carts and incomplete purchases.
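For defenders, the interval-based collection described above can be observed at runtime on a checkout page, which works regardless of how the script source is obfuscated. The following is an added example, not code from the article or from DomainTools; `monitorTimerEgress`, `demo`, the allowlist and the `.example` host names are all assumptions made for illustration.

```javascript
// Added example: flag network sends made from inside setInterval callbacks
// to hosts outside an allowlist. `env` is `window` or a window-like object.
function monitorTimerEgress(env, allowedHosts) {
  const findings = [];
  let activeTimer = null; // non-null only while an interval callback runs
  const origSetInterval = env.setInterval;
  env.setInterval = function (callback, delay, ...args) {
    if (typeof callback !== 'function') return origSetInterval.call(env, callback, delay, ...args);
    const wrapped = function (...cbArgs) {
      const previous = activeTimer;
      activeTimer = { delay };
      try { return callback.apply(this, cbArgs); } finally { activeTimer = previous; }
    };
    return origSetInterval.call(env, wrapped, delay, ...args);
  };
  const wrapEgress = (owner, api) => {
    if (!owner || typeof owner[api] !== 'function') return;
    const orig = owner[api];
    owner[api] = function (target, ...rest) {
      if (activeTimer) {
        const raw = target && target.url ? target.url : String(target);
        let host = '(unparseable)';
        try { host = new URL(raw, env.location.href).host; } catch (e) { /* keep marker */ }
        if (!allowedHosts.includes(host)) findings.push({ api, host, delay: activeTimer.delay });
      }
      return orig.call(this || owner, target, ...rest);
    };
  };
  wrapEgress(env, 'fetch');
  wrapEgress(env.navigator, 'sendBeacon');
  return findings; // live array: grows as timers fire
}

// Constructed stand-in for `window`; timers are fired by hand, hosts are made up.
function demo() {
  const timers = [];
  const env = {
    location: { href: 'https://shop.example/checkout' },
    setInterval: (cb) => timers.push(cb),
    fetch: () => Promise.resolve(),
    navigator: { sendBeacon: () => true },
  };
  const findings = monitorTimerEgress(env, ['shop.example']);
  env.setInterval(() => env.fetch('/api/cart'), 1000);            // same-origin: ignored
  env.setInterval(() => env.navigator.sendBeacon('https://collector.example/c'), 500);
  timers.forEach((cb) => cb());
  return findings;
}
```

This sketch only sees sends made synchronously inside the timer callback through `fetch` or `sendBeacon`; other egress paths such as `XMLHttpRequest` or image requests would need the same wrapping.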

Finally, the administration of the campaigns is done through a panel where the subscriber can monitor the compromised e-shops, manage the gateways for receiving the stolen data, and more.

Caramel control panel (KELA)

In operation since 2020

Skimming campaigns are not new, and neither is Caramel. BleepingComputer was able to find the first dark web posts offering the kit for purchase in December 2020.

2020 post promoting Caramel (KELA)

However, continued development and promotion have helped Caramel become more popular in the underground community.

The existence of Caramel and other such skimming services removes the technical barrier to setting up and operating large-scale card skimming campaigns, which could make skimming campaigns even more common.

If you shop on e-commerce platforms, you can protect yourself from credit card skimmers by using unique private cards, setting collection limits and restrictions, or simply using online payment systems instead of cards.
