During their extensive analysis, the Group-IB researchers noted that there are 38 unique JS-sniffer families, of which 8 were discovered for the first time. Some of the prominent JS-sniffer families are PreMage, MagentoName, FakeCDN, Qoogle, GetBilling, WebRank, G-Analytics and PostEval.
The price of JS-sniffers ranges from $250 to $5,000 on underground forums. Attackers can use these malware families to target shoppers, banks, online stores, and payment systems.
Group-IB’s analysis revealed that more than half of the resources were attacked by the MagentoName JS-sniffer family. This malware exploits vulnerabilities in older versions of Magento CMS to inject malicious code. The WebRank and CoffeMokko JS-sniffer families were involved in infecting more than 13% and 11% of the sites, respectively.
In general, hackers sell the stolen payment card data on darknet forums for around $1 to $5. Occasionally, the price is kept between $10 and $15. A significant number of dark web forums where JS-sniffers are put up for sale are Russian-speaking forums.
How to stay safe - The growing trend of attackers leveraging malware to steal payment card information from third-party websites is seen as a potential threat. Since attackers usually exploit known security issues in e-commerce CMS platforms, website administrators are strongly advised to follow standard best practices. These include applying the latest updates and security patches, limiting privileges for critical system resources, and hardening the web servers.
On the other hand, online shoppers are advised to regularly review their payment card details and bank statements for any suspicious activity.