Magecart’s Success Paves Way For Cybercriminal Credit Card ‘Sniffer’ Market


Oct 1, 2019
Magecart’s successes have led to threat actors actively advertising ‘sniffers’ that can be injected into e-commerce websites in order to exfiltrate payment cards.
The Magecart threat group has dominated headlines for its use of malicious JavaScript code, which is injected into e-commerce websites to exfiltrate customer payment card data. But new research points to a growing industry on underground forums where so-called “sniffers” are being advertised, sold and regularly updated.

The new research, shared exclusively with Threatpost, shows an array of threat groups that, over the past six months, have been tracked continually developing and advertising customized payment sniffers that are updated regularly, contain multiple capabilities, and are available for purchase or rent – making this type of web-based attack more readily available to cybercriminals of all calibers, from sophisticated actors to script kiddies.

“The biggest takeaway is that there exists a market, demanded by cybercriminals, for threat actors to advertise customized sniffer variants to conduct attacks against e-commerce websites through malicious JavaScript injection,” researchers with Recorded Future told Threatpost on Thursday. “These customized sniffers contain multiple functions and are updated regularly to defeat security enhancements.”

Sniffers are malicious code (generally JavaScript) injected into website payment systems via XSS attacks and other means. They are designed to steal payment card numbers, card verification values (the three- or four-digit number on the back of credit cards) and other personally identifiable information (PII) like names.

The Magecart group has found widespread success in using these tools, with targets such as Ticketmaster, British Airways and other brands under its belt. The success of Magecart-related attacks is also coupled with the increase in online shoppers due to the COVID-19 pandemic and mobile communications. These factors have spurred attackers to look to web-based attacks for siphoning credit card information over the past year, researchers said.