
The Mongolian Skimmer: different clothes, equally dangerous

· Published 14/10/2024 10:54 · Modified 14/10/2024 11:14

Essential information

Tags
2024-10-14 cybercrime malicious obfuscation skimming underground
Related entities
13 observables, 9 techniques (mitre)

Description

This report details the analysis of a campaign, dubbed the 'Mongolian Skimmer,' which uses a technique involving unusual Unicode characters for variable and function names. Although this initially appears to be a novel approach, it ultimately relies on well-known JavaScript capabilities. The skimmer follows typical patterns, including DOM monitoring, data exfiltration, anti-debugging measures, and cross-browser compatibility. An intriguing aspect is the discovery of a conversation between threat actors carried out through code comments, in which they agreed to split profits from the operation.

External references