In September 2019, Visa Payment Fraud Disruption’s (PFD) eCommerce Threat Disruption (eTD) program identified a new JavaScript skimmer that targets payment data entered into payment forms of eCommerce merchant websites. PFD is naming the skimmer Pipka, due to the skimmer’s configured exfiltration point at the time of analysis (as shown below in the Pipka C2s). Pipka was identified on a North American merchant website that was previously infected with the JavaScript skimmer Inter, and PFD has since identified at least sixteen additional merchant websites compromised with Pipka. PFD previously reported on the use of Inter to target service providers with malicious skimming code that was integrated into eCommerce merchant environments. Unlike previous JavaScript skimmers, Pipka is able to remove itself from the HTML of the compromised website after it executes, thus decreasing the likelihood of detection.
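Because a script that deletes its own tag leaves nothing in the rendered HTML to inspect, a merchant can record script elements at the moment they are removed from the page. The following is an added example, not code from the Visa alert; the function names (`findRemovedScripts`, `watchForSelfRemoval`) and the sample records are constructed for illustration.

```javascript
// Summarise a removed <script> node so it can be reviewed after it is gone.
function describeScript(node) {
  const body = node.textContent || "";
  return {
    src: node.src || null,            // external script URL, if any
    inlineLength: body.length,        // size of the inline code
    inlinePreview: body.slice(0, 80), // first characters, for triage
  };
}

// Return one finding per SCRIPT element removed in a batch of DOM
// MutationRecord-like objects (fields used: type, removedNodes).
function findRemovedScripts(records) {
  const findings = [];
  for (const rec of records) {
    if (rec.type !== "childList") continue;
    for (const node of Array.from(rec.removedNodes)) {
      if (node.nodeName === "SCRIPT") findings.push(describeScript(node));
    }
  }
  return findings;
}

// Browser wiring: run as early as possible in <head> on the checkout page.
// `report` is a hypothetical callback that ships findings to your own logging.
function watchForSelfRemoval(report) {
  if (typeof MutationObserver === "undefined") return null; // not in a browser
  const observer = new MutationObserver((records) => {
    for (const finding of findRemovedScripts(records)) report(finding);
  });
  observer.observe(document.documentElement, { childList: true, subtree: true });
  return observer;
}

// Constructed sample: a script is added, then removed; other changes are ignored.
const inlineScript = {
  nodeName: "SCRIPT",
  src: "",
  textContent: "/* constructed placeholder inline script */",
};
const sampleRecords = [
  { type: "childList", addedNodes: [inlineScript, { nodeName: "DIV" }], removedNodes: [] },
  { type: "attributes", addedNodes: [], removedNodes: [] },
  { type: "childList", addedNodes: [], removedNodes: [{ nodeName: "DIV" }] },
  { type: "childList", addedNodes: [], removedNodes: [inlineScript] },
];
console.log(findRemovedScripts(sampleRecords));
```

Some legitimate code, such as JSONP helpers, also removes its own script tag, so findings need review against the scripts the site is known to load.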


Article ID 36000195195