angrybeaver is a skimmer written in JavaScript that is designed to target Payflowpro & authorizenet payments on Magento ecommerce websites. It doesn’t use the same obfuscation techniques that are popular among other JS skimmers.

The use of the lesser known backtick operator and $_POST results in probably one of the smallest PHP one-liner minishells: ~12 characters

A phishing kit found in-the-wild during the development stage and leaks the ‘order notes’ from the buyer.

A JavaScript skimmer designed to steal payment data entered into the WooCommerce PayPal Pro gateway on the victim’s infected ecommerce website. Lowkey exfiltration domain: templatesurvey[.]com.

A skimmer that steals payment data from customers that check out using the SagePay payment method.