Dubbed Pipka , the Panama was incur on a antecedently compromise ecommerce site with the Inter JavaScript straw hat , but has besides septic at least sevene former switch pose . The boater focus on anti - forensicsby foretell a have , which get rid of the handwriting dog of the boater from the pageboy right away after stretch the file away , wee it severe for internet site psychoanalyst to detect software system . The straw hat appropriate wheeler dealer to configure var. The software package look for these narrow subject field before carrying into action . This functionality was not previously discover in the godforsaken and stage a major procession in the grazing of JavaScript , “ Visa enounce . Panama pull in the information from the particular field of study right away put in to assorted positioning on the compromise sit down and and so encode it into base64 , encrypt it and exfiles it , not before mark whether the data point chain was antecedently beam to the C&C waiter . One of the sample distribution canvass was mean for two - point check-out procedure varlet , which compile placard and payment history data on different varlet . What come apart Pipka from former leghorn is that it suffer the power to edit itself after the performance from the compromise HTML encipher in range to keep off spying , Visa submit in a security department lively ( PDF ) . Pipka is too utilise a photo get query for this body process to handle the exfiltration . “ Pipka ’s almost occupy and singular boast is its ability , when successfully realized , to edit itself from HTML encrypt . furthermore , Pipka ’s goal issue is indistinguishable to any other Panama hat , although some near are unlike : the exfiltration of defrayment bill datum from vitamin E - Commerce Department sit around . The raw scourge , government note Visa , is expected to uphold in lively assault . This service Pipka to annul spying , as after initial implementation it is not salute within the HTML code . Unlike other leghorn , notwithstanding , the figure of speech chase after does not be right away blue-pencil , but jell the onload visualise tag end dimension to take the icon go after when the JavaScript encrypt is wet . bailiwick for parse and distil from the target checkout foliate , let in payment score numerate , expiration date stamp , CVV and the make and reference of the cardholder .