loader gif

JS-sniffers infect 2440 websites worldwide to steal customers’ payment card details

JS-sniffers infect 2440 websites worldwide to steal customers’ payment card details
  • Researchers noted that there are 38 unique JS-sniffers’ families, out of which 8 are discovered for the first time.
  • The price of JS-sniffers’ ranges from $250 to $5,000 on underground forums.

Group-IB, the cybersecurity firm, has released a comprehensive report on JavaScript-sniffers malware. The malware has been found to have infected 2440 online retail websites to steal customers’ payment card details. These websites are estimated to be visited by around 1.5 million unique users daily.

What are JS-sniffers - JS-sniffers, also known as JavaScript-sniffers are specifically designed to compromise websites that run Magento, OpenCart, Shopify, WooCommerce and WordPress software. It is the online equivalent of a credit card skimmer.

During their extensive analysis, the Group-IB researchers noted that there are 38 unique JS-sniffer families, out of which 8 are discovered for the first time. Some of the prominent JS-sniffers’ families are PreMage, MagentoName, FakeCDN, Qoogle, GetBilling, WebRank, G-Analytics andPostEval.

The price of JS-sniffers’ ranges from $250 to $5,000 on underground forums. The attackers can use the malware family to target shoppers, banks, online stores, and payment systems.

How it works - The cybercriminal inject the malicious JavaScript-sniffers into websites. The malware, once installed, intercepts the users’ input on the checkout page of the website and steal customers’ bank card numbers, names, addresses, login details and passwords in real time.

Group-IB’s analysis revealed that more than half of the resources were attacked by MagentoName JS-sniffer family. This malware exploits vulnerabilities in the older versions of Magento CMS to inject malicious code. WebRank JS-sniffers and CoffeMokko were involved for infecting more than 13% and 11% of the sites.

In general, hackers sell the stolen payment card data on darknet forums for around $1 to $5. Occasionally, the price is kept between $10 and $15. A significant number of dark web forums where JS-sniffers are put up for sale are Russian-speaking forums.

How to stay safe - The growing trend of attackers leveraging malware to steal payment card information from third-party websites is seen as a potential threat. Since attackers usually exploit known security issues in online e-commerce CMS. Hence, it is highly recommended for the website administrators to follow standard best practices. This includes applying the latest updates and security patches, limiting privileges for critical system resources and hardening the web servers.

On the other hand, online shoppers are advised to regularly review their payment card details and bank statements for any suspicious activity.

loader gif