FakeCDN JS-sniffer

FakeCDN JS-sniffer Description

Malware analysts have received reports of numerous JavaScript sniffers, including the FakeCDN JS-sniffer. These threats are malicious scripts designed to collect victims' credit card and online banking information by intercepting the data when the victim makes an online purchase. The FakeCDN JS-sniffer has numerous variants, largely because sniffers like it are frequently customized for specific payment platforms and targets. Threats like the FakeCDN JS-sniffer target a wide variety of payment platforms, such as Magento and Shopify. They also often include variants for specific banks and payment methods, such as PayPal.

How the FakeCDN JS-sniffer Can Be Concealed Inside a Computer

The FakeCDN JS-sniffer is written in JavaScript, which makes it easy to hide and lets it run without consuming many resources. It also allows threats like the FakeCDN JS-sniffer to carry out cross-platform attacks, since they do not depend on a specific operating system on the victim's computer. Furthermore, threats like the FakeCDN JS-sniffer often use obfuscated code and tactics that make their scripts look like the legitimate analytics scripts used by many online platforms. The FakeCDN JS-sniffer is mainly installed on targeted systems disguised as an innocuous plug-in.

How the FakeCDN JS-sniffer Attack Works

Once the FakeCDN JS-sniffer is installed, it remains dormant on the targeted computer until a victim is directed to the payment or checkout form. This makes threats like the FakeCDN JS-sniffer difficult to detect when they are not actively carrying out an attack. When the victim makes a payment on the infected page, the FakeCDN JS-sniffer collects the information the victim enters and sends it to its Command and Control servers. The information collected in this way includes credit card and debit card numbers, passwords, security codes, credit card dates, names, addresses, and other information entered by the victim. This information is then generally sold to a third party, who may use it to collect the victims' credit card information or money, or to carry out various tactics and fraudulent deeds. Criminals taking advantage of collected credit card information generally make multiple small purchases, which can add up and remain undetected for a long time unless the victims actively monitor their financial accounts and cards.

Threats Like the FakeCDN JS-sniffer Rarely Involve a Single Criminal Actor

One crucial aspect of threats like the FakeCDN JS-sniffer is that they are rarely the product of a single criminal working alone. The people who develop threats like the FakeCDN JS-sniffer are generally not the same people who distribute them or collect the money from the victims' bank accounts. Criminals who create threats like the FakeCDN JS-sniffer generally sell or lease the code, which third parties then use to carry out attacks against various victims. Those carrying out the attacks may collect thousands or even millions of victims' credit card numbers. These are sold in bulk on the Dark Web, often for only a few dollars per collected record (depending on the profile and size of the attack). Other criminals then purchase these records to collect the money from the victims or carry out credit card fraud. Essentially, there is a complex market around malware like the FakeCDN JS-sniffer, with different actors creating such threats, others distributing them, and others collecting money using the data gathered in the attacks.

Dealing with the FakeCDN JS-sniffer

Stopping threats like the FakeCDN JS-sniffer will take a concerted effort from credit card companies, website administrators and computer users. Website administrators are advised to monitor their traffic and scripts regularly to detect threats like the FakeCDN JS-sniffer. Computer users should monitor their statements to find any fraudulent charges that could be the result of a FakeCDN JS-sniffer attack.
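As an added illustration of the script monitoring advised above (not code from the original page), the following Node.js sketch audits a checkout page's `<script>` tags against an administrator-maintained baseline. The sample HTML, host names, `BASELINE` structure and `auditScripts` function are constructed for this example.

```javascript
// Constructed sample checkout page: one expected script, two unexpected ones.
const SAMPLE_CHECKOUT_HTML = `
<html><head>
<script src="https://static.shop.example/js/checkout.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://cdn-analytics.example.net/ga.js"></script>
<script>window.shopConfig = {currency: "USD"};</script>
<script>/* constructed unknown inline block */ var q = document.forms;</script>
</head><body><form id="payment"></form></body></html>`;

// Hypothetical baseline: hosts allowed to serve scripts, and known inline scripts.
// (A production baseline would store digests of inline scripts, not their text.)
const BASELINE = {
  allowedHosts: ["static.shop.example"],
  inlineScripts: ['window.shopConfig = {currency: "USD"};'],
};

// Returns one finding per script that deviates from the baseline.
function auditScripts(html, baseline, pageUrl) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const [, attrs, rawBody] of html.matchAll(tagRe)) {
    const srcMatch = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (srcMatch) {
      const url = new URL(srcMatch[1], pageUrl); // resolves relative src values
      if (!baseline.allowedHosts.includes(url.host)) {
        // A script host nobody approved, e.g. a lookalike analytics or CDN domain.
        findings.push({ type: "unlisted-host", detail: url.href });
      } else if (url.host !== new URL(pageUrl).host && !/\bintegrity\s*=/i.test(attrs)) {
        // Approved third-party host, but no Subresource Integrity pin on the file.
        findings.push({ type: "missing-sri", detail: url.href });
      }
    } else {
      const body = rawBody.trim();
      if (body && !baseline.inlineScripts.includes(body)) {
        findings.push({ type: "unknown-inline", detail: body.slice(0, 60) });
      }
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_CHECKOUT_HTML, BASELINE, "https://shop.example/checkout"));
```

Run on a schedule against the rendered checkout page, any finding marks a script that should be reviewed before it is trusted with payment form data.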