lolzilla Skimmer: PHP or JS?
lolzilla skimmer analyzes a visitor’s HTTP request to determine whether it can capture the visitor’s payment data using a PHP skimmer or if it should deploy a JavaScript skimmer onto the checkout page to capture the data.
PHP skimmer -> secure-authorize.net (malicious)
A PHP skimmer that exfiltrates the stolen payment data to a fake DLL file on the malicious domain secure-authorize.net.
_try_action Skimmer Sends Stolen Data To cdn-frontend.com
_try_action is a JavaScript skimmer and exfiltrates the stolen payment data to fake PNG image file at cdn-frontend.com/stat/pix.png
obj_31337 Skimmer Loads From payprocess.org
This skimmer loads from payprocess.org and exfiltrates to processpayment.cc
PHP -> JavaScript Conversion - $dataoo Skimmer
A comparison of a skimmer that an attacker rolled out in separate PHP and JavaScript versions. Big thanks to Baryo (@ctrl__esc)!