the wild that can erase itself from HTML code after execution.
The malware, named Pipka, was found running on several
eCommerce websites in the United States. While the basic working principle
caught the attention of security professionals.
Pipka was actually running on a website already infected
with another skimmer, named Inter. Pipka lets attackers see what form fields
are parsed and extracted, including sensitive data such as the payment
account number, expiration date, CVV, and cardholder name and address.
“The most interesting and unique aspect of Pipka is its
ability to remove itself from the HTML code after it is successfully executed.
This enables Pipka to avoid detection, as it is not present within the HTML
code after initial execution,” says
Visa. “This is a feature that has not been previously seen in the wild, and
Moreover, Pipka is not a proof of concept. It was already
running in the wild when the researchers from Visa Payment Fraud Disruption’s
(PFD) eCommerce Threat Disruption (eTD) program found it, which means that
it might be more widespread.
skimmers, as the process is invisible to them. However, they can safeguard
against such problems by installing security software, using multi-factor
authentication, enabling alerts for credit cards, and sticking only to known
websites that employ 3-D Secure (Visa only).
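For site operators, the self-removal behaviour Visa describes can be watched for from inside the page. The following is an added example, not code from Visa's report or from the skimmer: it records when script elements enter and leave the DOM, using the standard `MutationObserver` API. The function names, the `report` callback and the sample nodes are assumptions made for illustration.

```javascript
// Added example (not from Visa's report): flag <script> elements that leave
// the DOM, the self-removal behaviour described above. Findings are leads to
// triage, since legitimate code (e.g. JSONP helpers) also removes script tags.

// Returns a feed(record, nowMs) function. `record` is MutationRecord-like:
// { type, addedNodes, removedNodes }. feed returns one finding per removed
// script; lifetimeMs is null when the insertion was not observed.
function createScriptRemovalTracker() {
  const addedAt = new Map(); // script node -> time it entered the DOM
  const isScript = (n) => n && n.nodeName === 'SCRIPT';
  return function feed(record, nowMs) {
    const findings = [];
    if (record.type !== 'childList') return findings;
    for (const node of record.addedNodes) {
      if (isScript(node)) addedAt.set(node, nowMs);
    }
    for (const node of record.removedNodes) {
      if (!isScript(node)) continue;
      const seen = addedAt.has(node);
      findings.push({
        src: node.src || '(inline)',
        inlineLength: node.src ? 0 : (node.textContent || '').length,
        lifetimeMs: seen ? nowMs - addedAt.get(node) : null,
      });
      addedAt.delete(node);
    }
    return findings;
  };
}

// Browser hook: call as early as possible in <head> so parser-inserted
// scripts are seen too. `report` is a caller-supplied callback (assumption).
function watchScriptRemovals(doc, report) {
  const feed = createScriptRemovalTracker();
  const observer = new MutationObserver((mutations) => {
    const now = Date.now();
    for (const m of mutations) feed(m, now).forEach(report);
  });
  observer.observe(doc.documentElement, { childList: true, subtree: true });
  return observer;
}

// Constructed sample: an inline script added at t=0 and removed at t=40 ms.
function demo() {
  const feed = createScriptRemovalTracker();
  const s = { nodeName: 'SCRIPT', src: '', textContent: 'x'.repeat(120) };
  const div = { nodeName: 'DIV' };
  const out = feed({ type: 'childList', addedNodes: [s, div], removedNodes: [] }, 0);
  return out.concat(feed({ type: 'childList', addedNodes: [], removedNodes: [s, div] }, 40));
}
```

The tracker only inspects nodes listed directly in each mutation record, so a script removed as part of a larger subtree is not reported.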