Malware, Threat Intelligence

Mongolian Skimmer obfuscated via Unicode in new skimming campaign


Threat actors have utilized Unicode characters to conceal the Mongolian Skimmer in targeted e-commerce websites as part of a new attack campaign aimed at exfiltrating financial information and other sensitive data, reports The Hacker News.

Misconfigured Magento or OpenCart instances may have been targeted to deploy Mongolian Skimmer, which uses various event-handling methods to ensure extensive compatibility while hiding malicious activity behind heavy use of Unicode characters, according to a Jscrambler analysis. Another loader variant has also launched Mongolian Skimmer after identifying certain user interaction events, noted researchers, who also found that one of the sites compromised by the skimmer was being targeted by a separate threat actor.

"The obfuscation techniques found on this skimmer may have looked to the untrained eye as a new obfuscation method, but that was not the case. It used old techniques to appear more obfuscated, but they are just as easy to reverse," said Jscrambler researcher Pedro Fortuna.
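A defender's heuristic for the Unicode-heavy obfuscation described above, as an added example that is not from the article or from Jscrambler's analysis: it flags scripts whose identifiers are largely non-ASCII, while ignoring strings and comments so localized text does not trigger it. The function names, the 0.3 threshold and both sample scripts are assumptions constructed for illustration.

```javascript
// Strip comments and string/template literals so translated UI text is not counted.
// Limitation (heuristic): regex literals and ${} template expressions are not parsed.
function stripLiteralsAndComments(src) {
  let out = '';
  let i = 0;
  while (i < src.length) {
    const two = src.slice(i, i + 2);
    const ch = src[i];
    if (two === '//') {
      while (i < src.length && src[i] !== '\n') i++;
    } else if (two === '/*') {
      const end = src.indexOf('*/', i + 2);
      i = end === -1 ? src.length : end + 2;
    } else if (ch === '"' || ch === "'" || ch === '`') {
      i++;
      while (i < src.length && src[i] !== ch) i += src[i] === '\\' ? 2 : 1;
      i++;          // skip the closing quote
      out += '""';  // placeholder keeps neighbouring tokens separated
    } else {
      out += ch;
      i++;
    }
  }
  return out;
}

// Report how many distinct identifier-like tokens contain non-ASCII characters.
// threshold is an assumed cut-off; tune it against your own script inventory.
function unicodeIdentifierReport(src, threshold = 0.3) {
  const code = stripLiteralsAndComments(src);
  const tokens = code.match(/[\p{ID_Start}$_][\p{ID_Continue}$\u200c\u200d]*/gu) || [];
  const unique = [...new Set(tokens)];
  const nonAscii = unique.filter((id) => /[^\x00-\x7f]/.test(id));
  const ratio = unique.length ? nonAscii.length / unique.length : 0;
  return { total: unique.length, nonAscii, ratio, suspicious: ratio >= threshold };
}

// Constructed sample: ordinary code with non-ASCII text only in a comment and a string.
const SAMPLE_BENIGN = `
// Zahlungsformular prüfen
function validateCard(number) {
  var label = "Kartennummer ungültig";
  return number.length === 16 ? "" : label;
}`;

// Constructed sample: harmless arithmetic written with non-ASCII identifiers.
const SAMPLE_OBFUSCATED = `
var λ = 4, ж = 6, ɵ = λ + ж;
function π(ʃ) { return ʃ * ɵ; }`;
```

A hit is a triage signal for manual review of a checkout-page script, not proof of compromise, since legitimate code can also use non-ASCII identifiers.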
