R3NIN Sniffer-as-a-Service Targets E-commerce Consumers

Sniffing the e-Commerce

• The sniffer malware collects the input variables, converts them to a string, and sends them to the sniffer panel maintained by the attacker for further analysis and exploitation.
• The attacker leverages iFrame by tricking the victims into entering additional data asked by a fake pop-up window, which is typically not required on a legitimate page.
• The stolen data is processed in a commercialized format to either sell in underground forums or use it as phishing baits in different attacks.

Some of its top functionalities

• The sniffer panel has a generator containing malicious conditional script and an extractor that parses all the raw sniffed data and displays it in a clean format. The toolkit can be utilized with the object execution method and remote execution method.
• Notably, it has features including options to generate custom JavaScript codes for injection, cross-browser exfiltration of compromised payment card data, manage exfiltrated data, check BINs, parse data, and generate statistics.

Sniffer-as-a-service model

• Initially, R3NIN was made available at $1,500 as an introductory price for a limited time, however, the pricing model has since been revised, and now the toolkit access ranges between $3,000 and $4,500.
• The sniffer developers have launched two variants i.e. version 1.1 and version 1.2 with several improvements and new functionalities, in January.

Conclusion