Cybersecurity researchers have recently uncovered a sophisticated campaign involving a new digital skimmer dubbed the “Mongolian Skimmer,” which uses Unicode obfuscation techniques to conceal its malicious code. This skimmer specifically targets e-commerce platforms, aiming to steal sensitive financial information entered by users during checkout processes. According to researchers from Jscrambler, the heavy use of invisible Unicode characters makes the skimmer’s code particularly challenging for analysts to read and detect, allowing it to operate under the radar of traditional security measures.
At its core, the Mongolian Skimmer leverages JavaScript’s capability to use any Unicode character in identifiers, obscuring its malicious functionality. The primary goal of this malware is to capture sensitive data entered on compromised e-commerce sites, including credit card details and personal identification information, which are then exfiltrated to attacker-controlled servers. The skimmer typically manifests as an inline script on compromised sites, fetching its payload from external servers to maintain stealth and reduce the risk of detection.
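A defender-side check for the identifier technique described above, as an added example that is not taken from Jscrambler's research or from the skimmer itself: it flags names in a script's source that contain code points which render as nothing yet are legal in JavaScript identifiers. The names `scanScript` and `escapeName`, the sample string, and the use of Unicode's `Default_Ignorable_Code_Point` property as the definition of "invisible" are assumptions of this example.

```javascript
// Added example (not from the original article): heuristic scanner for
// invisible characters inside JavaScript identifiers.

// A code point Unicode marks Default_Ignorable (normally renders as nothing)
// that ECMAScript still accepts inside an identifier name.
const INVISIBLE = /(?=\p{Default_Ignorable_Code_Point})[\p{ID_Continue}\u200c\u200d]/gu;
// Rough identifier matcher: IdentifierStart then IdentifierPart*. It is not a
// parser, so words inside strings and comments are examined as well.
const IDENTIFIER = /[\p{ID_Start}$_][\p{ID_Continue}$\u200c\u200d]*/gu;

const hex = (ch) => ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");

// Render a name so hidden characters become visible \u{...} escapes.
function escapeName(name) {
  return [...name].map((c) => (/^[\x21-\x7e]$/.test(c) ? c : `\\u{${hex(c)}}`)).join("");
}

// Returns how many identifiers were seen and one finding per distinct flagged name.
function scanScript(source) {
  const findings = new Map();
  let totalIdentifiers = 0;
  for (const m of source.matchAll(IDENTIFIER)) {
    totalIdentifiers++;
    const name = m[0];
    const hidden = name.match(INVISIBLE);
    if (!hidden) continue;
    if (!findings.has(name)) {
      findings.set(name, {
        escaped: escapeName(name),
        codePoints: [...new Set(hidden.map((c) => "U+" + hex(c)))],
        whollyInvisible: hidden.length === [...name].length,
        firstOffset: m.index,
        count: 0,
      });
    }
    findings.get(name).count++;
  }
  return { totalIdentifiers, flagged: [...findings.values()] };
}

// Constructed, harmless sample: one name made only of U+3164 (Hangul Filler),
// one ordinary-looking name with a zero-width joiner hidden inside it.
const SAMPLE = "var \u3164 = 1; var pay\u200dload = \u3164 + 1; console.log(pay\u200dload);";
console.log(JSON.stringify(scanScript(SAMPLE), null, 2));
```

Run it over inline script text and over any externally fetched script bodies collected from a checkout page. Because the matcher also looks inside string literals, text in scripts that legitimately use joiners (for example Persian) can produce hits that need manual review.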
In a bid to evade analysis, the Mongolian Skimmer employs techniques to disable specific functions when a web browser’s developer tools are opened. This ensures that analysts cannot easily debug or understand its operations. Furthermore, the skimmer uses well-known compatibility techniques to work across various browsers, employing both modern and legacy event-handling methods. This approach guarantees that it can target a broad range of users, regardless of the browser version, increasing its effectiveness and potential victim pool.
Researchers have also observed an “unusual” loader variant within the skimmer that activates only upon user interaction events, such as scrolling, mouse movements, or touch actions. This functionality not only serves as an effective anti-bot measure but also helps prevent performance bottlenecks that could raise suspicion among users. The research indicates that the Mongolian Skimmer represents a significant evolution in cybercriminal tactics, highlighting the need for e-commerce platforms to bolster their security measures and for consumers to remain vigilant against such threats in their online shopping experiences.