T1056.004
Input Capture: Credential API Hooking
discovered 2026-07-09The typosquat interposes on the SDK's own gateway methods and property setters: CardOperationLogger hooks CreditCardGateway.Create/transaction/payment-method/card-verification calls to skim PAN/CVV/expiry before the legit HTTP request, and the BraintreeGateway.PrivateKey setter side-effects to leak MerchantId+PublicKey+PrivateKey, all without the developer invoking any obviously malicious API.