A credit card theft service is gaining traction, giving low-skilled threat actors a simple, automated way into financial crime. Credit card skimmers are malicious scripts injected into compromised e-commerce websites, where they wait for customers to make a purchase.
Following a transaction, these malicious scripts capture the credit card information and send it to remote servers, where threat actors collect it. The threat actors then use the cards to make online purchases for themselves or sell the credit card information to other cybercriminals on dark web markets for as little as a few dollars.
DomainTools found the new service, which claims to be run by a Russian criminal outfit called “CaramelCorp.” Subscribers receive a skimmer script, deployment/installation instructions, and a campaign management panel: everything a threat actor needs to start their own credit card theft operation.
Caramel sells only to Russian-speaking threat actors, and only after an initial verification procedure that weeds out individuals who use machine translation or are new to the sector. A lifetime subscription costs $2,000, which isn’t cheap for aspiring threat actors, but it includes complete customer service, code upgrades, and evolving anti-detection methods.
According to the sellers, Caramel may evade protective systems like Cloudflare, Akamai, Incapsula, and others. Purchasers are offered a “quick start” tutorial on JavaScript approaches that work exceptionally well on specific content management systems (CMSs). Since the credit card skimmer scripts are written in JavaScript, Caramel provides subscribers with several obfuscation techniques to keep them hidden.
The “setInterval()” technique, which exfiltrates data at preset intervals, is used to acquire credit card data. While it may not appear to be an efficient strategy, it can collect information from abandoned carts as well as completed transactions. Finally, the campaigns are managed through a panel that allows the subscriber to monitor the affected e-shops, configure the gateways for receiving stolen information, and more.
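As an added example (not from the original article or from DomainTools), the timer-driven sending described above can be looked for from the defender's side: the JavaScript below scans a captured list of requests made by a checkout page and reports hosts outside an allow-list that are contacted at a near-constant cadence. The record shape, host names and thresholds are assumptions, and the capture is constructed.

```javascript
// Added example: flag non-allow-listed hosts that a checkout page contacts at
// a fixed cadence, the network footprint of a setInterval()-driven sender.
// Field names, hosts and thresholds are assumptions for illustration.
function findPeriodicBeacons(requests, allowedHosts, opts = {}) {
  const { minHits = 4, maxJitter = 0.15 } = opts;
  const byHost = new Map();
  for (const { ts, url } of requests) {
    const host = new URL(url).hostname;
    if (allowedHosts.has(host)) continue; // expected first and third parties
    if (!byHost.has(host)) byHost.set(host, []);
    byHost.get(host).push(ts);
  }
  const findings = [];
  for (const [host, times] of byHost) {
    if (times.length < minHits) continue; // too few points to call it periodic
    times.sort((a, b) => a - b);
    const gaps = times.slice(1).map((t, i) => t - times[i]);
    const mean = gaps.reduce((s, g) => s + g, 0) / gaps.length;
    if (mean === 0) continue;
    // Largest relative deviation of any gap from the mean interval.
    const jitter = Math.max(...gaps.map((g) => Math.abs(g - mean) / mean));
    if (jitter <= maxJitter) {
      findings.push({ host, hits: times.length, intervalMs: Math.round(mean) });
    }
  }
  return findings;
}

// Constructed capture of one checkout session (ts = ms since page load).
// No order was submitted: this models the abandoned-cart case.
const SAMPLE_REQUESTS = [
  { ts: 120, url: "https://shop.example/checkout" },
  { ts: 340, url: "https://static.shop.example/js/app.js" },
  { ts: 900, url: "https://payments.example/v1/config" },
  { ts: 2010, url: "https://metrics-cdn.example/p.gif" },
  { ts: 4005, url: "https://metrics-cdn.example/p.gif" },
  { ts: 5100, url: "https://fonts.example/inter.woff2" },
  { ts: 6012, url: "https://metrics-cdn.example/p.gif" },
  { ts: 7400, url: "https://fonts.example/inter.css" },
  { ts: 8003, url: "https://metrics-cdn.example/p.gif" },
  { ts: 9991, url: "https://metrics-cdn.example/p.gif" },
];
const ALLOWED = new Set(["shop.example", "static.shop.example", "payments.example"]);

console.log(findPeriodicBeacons(SAMPLE_REQUESTS, ALLOWED));
```

Legitimate heartbeats or analytics pings that trip the check belong in the allow-list, which keeps the remaining findings worth reviewing.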