Preface: Visa identified a previously unknown eCommerce skimmer, and named the skimmer ‘Baka’.
According to an alert from Visa’s Payment Fraud Disruption (PFD) division, the skimmer also attempts to avoid detection and analysis by “removing itself from memory when it detects the possibility of dynamic analysis with Developer Tools or when data has been successfully exfiltrated”.
How to protect against this attack?
– Sanitizing at the url param layer
– Sanitizing at the templating layer