The Mongolian Skimmer: different clothes, equally dangerous
Essential information
- Published
- 14/10/2024 10:54
- Modified
- 14/10/2024 11:14
- Tags
- 2024-10-14 cybercrime malicious obfuscation skimming underground
- Related entities
- 13 observables, 9 techniques (mitre)
Description
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScript capabilities. The skimmer follows typical patterns, including DOM monitoring, data exfiltration, anti-debugging measures, and cross-browser compatibility. An intriguing aspect is the discovery of a conversation between threat actors through code comments, where they agreed to split profits from the skimming operation.