article featured image


A credit card stealing service is gaining traction, providing a simple and automated option for low-skilled threat actors to enter the realm of financial fraud.

How Do Credit Card Skimmers Work?

Credit card skimmers stand for malicious programs that are put into compromised e-commerce websites and wait patiently for clients to purchase something on that website.

Following a purchase, these malicious programs capture credit card information and transport it to remote sites, where hackers can collect it.

These stolen cards will be further used by cybercriminals to make online purchases for themselves or the credit card info end up on sale on dark web markets.

Caramel Credit Card Theft: More Details

Domain Tools found the new service, which claims that it is run by a Russian criminal outfit called “CaramelCorp.”

CaramelCorp is a Russian-language credit card skimming service with a significant cybercrime forum presence. They appear to screen prospective customers carefully and are reluctant to interact with non-Russian speakers. Like other cautious cybercrime services, CaramelCorp appears to use fluency and familiarity with modern idiomatic language and cultural references as an initial vetting mechanism. Further, CaramelCorp generally refuses to sell licenses to inexperienced carders, likely in order to mitigate potential exposure arising from customer incompetence. This reluctance is perhaps one reason Caramel avoids significant scrutiny from security vendors and researchers.


Subscribers receive a skimmer script, deployment instructions, and a campaign management panel, which includes everything a hacker needs to start their own credit card thievery campaign.

Caramel only sells to Russian-speaking threat actors after a first verification procedure that weeds out individuals who use machine translation or are new to the sector.

The cost of a lifetime subscription is $2,000, which isn’t cheap for aspiring threat actors, but it includes complete customer service, code upgrades, and growing anti-detection methods for Russian-speaking hackers.

Caramel can evade protective systems like Cloudflare, Akamai, Incapsula, and others, according to marketers.

A “quick start” tutorial on JavaScript approaches that function particularly well in certain CMS is offered to buyers.

Because the credit card skimming scripts are written in JavaScript, Caramel provides subscribers with a number of obfuscation techniques to keep them hidden.

The “setInterval()” technique, which exfiltrates data between preset periods, is used to acquire credit card data. This strategy can be used to collect information from abandoned carts and completed purchases.

Finally, the campaigns are managed through a panel that allows the subscriber to monitor the affected e-shops, configure the gateways for receiving stolen data, and more.

Since 2020, the Company Has Been in Operation

It seems that this particular campaign and skimming campaigns, in general, are not new on the market as BleepingComputer states that in December 2020 they discovered the first dark web posts offering the kit for sale.

Caramel has grown in popularity in the underground scene thanks to continued development and advertising.

You can defend yourself from credit card skimmers by utilizing one-time private cards, putting up charging limitations and prohibitions, or just replacing the usage of cards with online payment methods.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Andra Andrioaie

Security Enthusiast

linkedin icon

Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!

Leave a Reply

Your email address will not be published. Required fields are marked *