US 12,457,224 B2
Detecting obfuscated web skimmers based on encoding and hooking
Jin Chen, San Jose, CA (US); Tao Yan, San Jose, CA (US); Taojie Wang, San Jose, CA (US); Mengying Hu, Sunnyvale, CA (US); and Yue Guan, Fremont, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Jul. 7, 2023, as Appl. No. 18/219,272.
Prior Publication US 2025/0016179 A1, Jan. 9, 2025
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1416 (2013.01) [H04L 63/1483 (2013.01)]
20 Claims
15. A method, comprising:
receiving a sample, wherein the sample includes executable code;
performing static analysis on the sample using encoded web skimmer detection rules, wherein the encoded web skimmer detection rules are pre-encoded patterns applied to the executable code and based on portions of known web skimmer obfuscation techniques;
performing dynamic analysis on the sample using hooking; and
detecting an obfuscated web skimmer based on results of the static analysis using the encoded web skimmer detection rules or the dynamic analysis using hooking, or both.