BleepingComputer reports that more Russian-speaking threat actors have been leveraging Russian cybercrime operation CaramelCorp's Caramel skimmer-as-a-service platform, which was first promoted on the dark web in 2020.
For a lifetime subscription fee of $2,000, Caramel offers a skimmer script, instructions for deploying it, and a campaign management panel. Subscribers are also promised complete customer support, as well as code and anti-detection upgrades, and those selling the service claim that it can evade protection services. Caramel also offers different obfuscation techniques.
Moreover, Caramel exfiltrates credit card data through the "setInterval()" method, which also enables the theft of incomplete purchase details. Threat actors can then use a panel within Caramel to gain insight into the e-shops they have compromised, as well as manage stolen data gateways.
Skimming services such as Caramel may increase the prevalence of skimmer campaigns and should prompt increased caution among e-commerce platform customers.
Ukrainian hacktivist operation IT Army has taken responsibility for a significant distributed denial-of-service attack against Russian local airline booking system Leonardo, which is used by over 50 Russian carriers, according to The Record, a news site by cybersecurity firm Recorded Future.
New attacks with the updated SysUpdate toolkit have been deployed by Chinese advanced persistent threat operation Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.