BleepingComputer reports that more Russian-speaking threat actors have been leveraging Russian cybercrime operation CaramelCorp's Caramel skimmer-as-a-service platform, which was first promoted in the dark web in 2020.
With a lifetime subscription fee of $2,000, Caramel offers a skimmer script and instructions on its deployment, as well as a campaign management panel. Subscribers to the Caramel service are also promised complete customer support, as well as code and anti-detection upgrades, with those selling the service claiming its ability to evade protection services. Different obfuscation techniques are also being offered by Caramel.
Moreover, Caramel exfiltrates credit card data through the "setInterval()" method, which also enables the theft of incomplete purchase details. Threat actors could then use a panel within Caramel to gain insights on e-shops they have compromised, as well as manage stolen data gateways.
Skimming services such as Caramel may increase the prevalence of skimmer campaigns and should prompt increased caution among e-commerce platform customers.
Aside from featuring over 40 million signals from the DNS Research Federation's data platform and the Global Anti-Scam Alliance's comprehensive stakeholder network, the Global Signal Exchange will also contain more than 100,000 bad merchant URLs and one million scam signals from Google.
While some threat actors established fraudulent disaster relief websites as part of phishing attacks aimed at exfiltrating financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management Agency assistance providers to create fake claims that enabled relief fund and personal data theft.
Malicious GitHub pages and YouTube videos containing links for purported cracked office software, automated trading bots, and game cheats, have been leveraged to facilitate the download of self-extracting password-protected archives.