Caramel Credit Card Theft is Becoming Increasingly Common 

Caramel Credit Card Theft is Becoming Increasingly Common 

A credit card theft service is gaining traction, providing a simple and automated option for low-skilled threat actors to enter the realm of financial crime. Credit card skimmers are malicious programs that are put into compromised e-commerce websites and wait patiently for clients to make a purchase. 

Following a transaction, these malicious scripts capture credit card information and transport it to remote sites, where threat actors can gather it. These cards are then used by threat actors to make online transactions for themselves or sell the credit card information to other cybercriminals on dark web markets for as little as a few dollars. 

Domain Tools found the new service, which claims that it is run by a Russian criminal outfit called “CaramelCorp.” Subscribers receive a skimmer script, deployment/installation instructions, and a campaign management panel, including everything a threat actor needs to start their own credit card thievery operation. 

Caramel only sells to Russian-speaking threat actors after a first verification procedure that weeds out individuals who use machine translation or are new to the sector. A lifetime subscription costs $2,000, which isn’t cheap for aspiring threat actors, but it includes complete customer service, code upgrades, and growing anti-detection methods for Russian-speaking hackers. 

According to the sellers, Caramel may evade protective systems like Cloudflare, Akamai, Incapsula, and others. A “quick start” tutorial on JavaScript approaches that function exceptionally well in specific CMS (content management systems) is offered to purchasers. Since the credit card skimmer scripts are written in JavaScript, Caramel provides subscribers with several obfuscation techniques to keep them hidden. 

The “setInterval()” technique, which exfiltrates data between preset times, is used to acquire credit card data. While it may not appear to be an efficient strategy, it may be used to collect information from abandoned carts and completed transactions. Finally, the campaigns are managed through a panel that allows the subscriber to monitor the affected e-shops, configure the gateways for receiving stolen information, and more. 

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.


Share on facebook
Share on twitter
Share on linkedin