Magecart’s successes have led to threat actors actively advertising ‘sniffers’ that can be injected into e-commerce websites in order to exfiltrate payment cards.

The Magecart threat group has dominated headlines for its use of malicious JavaScript code, which is injected into e-commerce websites to exfiltrate customer payment card data. But new research points to a growing industry on underground forums where so-called “sniffers” are being advertised, sold and regularly updated.

The new research, shared exclusively with Threatpost, shows an array of threat groups who over the past six months have been tracked continually developing and advertising customized payment sniffers that are updated regularly, contain multiple capabilities, and are available for purchase or rent – making this type of web based attack more readily available to cybercriminals of all calibers, from sophisticated actors to script kiddies.

“The biggest takeaway is that there exists a market, demanded by cybercriminals, for threat actors to advertise customized sniffer variants to conduct attacks against e-commerce websites through malicious JavaScript injection,” researchers with Recorded Future told Threatpost, on Thursday. “These customized sniffers contain multiple functions and are updated regularly to defeat security enhancements.”

#hacks #web security #dark web #magecart #sniffer #amazon web services