More on Dnsden[.]biz Swipers and Radix Obfuscation
After recent publication of the Uncommon Radixes Used in Malware Obfuscation article, we found an interesting Twitter thread involving @EKFiddle and @Ledtech3
#EKFiddle [Regex update]: Added Radix Web Skimmer identified by @unmaskparasites (https://t.co/3YJM9YeyAw).
Additional domain seen in campaigns: checkip[.]bizhttps://t.co/U67qZosp1e pic.twitter.com/ZWwGZG6zyN
— EKFiddle (@EKFiddle) March 17, 2019
Just a brief round up of the Twitter discussion.
Neither the credit card swiper malware campaign from “dnsden[.]biz” nor the “radix obfuscation” trick is new.