BleepingComputer reports that more Russian-speaking threat actors have been leveraging Russian cybercrime operation CaramelCorp's Caramel skimmer-as-a-service platform, which was first promoted in the dark web in 2020.
With a lifetime subscription fee of $2,000, Caramel offers a skimmer script and instructions on its deployment, as well as a campaign management panel. Subscribers to the Caramel service are also promised complete customer support, as well as code and anti-detection upgrades, with those selling the service claiming its ability to evade protection services. Different obfuscation techniques are also being offered by Caramel.
Moreover, Caramel exfiltrates credit card data through the "setInterval()" method, which also enables the theft of incomplete purchase details. Threat actors could then use a panel within Caramel to gain insights on e-shops they have compromised, as well as manage stolen data gateways.
Skimming services such as Caramel may increase the prevalence of skimmer campaigns and should prompt increased caution among e-commerce platform customers.
As part of its latest attacks discovered in June, Tropic Tropper exploited several known Microsoft Exchange Server and Adobe ColdFusion vulnerabilities to distribute an updated China Chopper web shell on a server hosting the Umbraco open-source content management system.
More than 50 Alibaba-hosted command-and-control servers have been leveraged to facilitate the distribution of the backdoor, which impersonates the Java, bash, sshd, SQLite, and edr-agent utilities.
Angola and the Democratic Republic of Congo, which is a new Intellexa client, may have leveraged new Predator infrastructure to enable spyware staging and exploitation, according to an analysis from Recorded Future's Insikt Group.