Silent Credit Card Thief Uncovered
April 4, 2025, 5:32 p.m.
Description
A sophisticated credit card skimming campaign dubbed 'RolandSkimmer' has been discovered, targeting users in Bulgaria. The attack utilizes malicious browser extensions across Chrome, Edge, and Firefox, initiated through a deceptive LNK file. The malware employs obfuscated scripts to establish persistent access, harvesting and exfiltrating sensitive financial data. The attack workflow involves system reconnaissance, downloading additional malicious files, and injecting scripts into web pages. The threat actor uses unique identifiers to track victims and employs sophisticated techniques to evade detection. The campaign demonstrates the evolving nature of web-based credit card skimming threats, highlighting the need for enhanced security measures against LNK-based attacks and unverified browser extensions.
Tags
Date
- Created: April 4, 2025, 11:47 a.m.
- Published: April 4, 2025, 11:47 a.m.
- Modified: April 4, 2025, 5:32 p.m.
Additional Information
- Bulgaria