
G-Analytics JS-sniffer

By GoldSparrow in Malware

The G-Analytics JS-sniffer is part of a large group of threatening programs that are essentially JavaScript scripts used to collect computer users' credit card and online banking information. Threats like the G-Analytics JS-sniffer infiltrate websites at the point where computer users carry out an online payment during checkout. They then use a variety of techniques to intercept the victims' financial information, which can be used to collect the victims' money and empty their bank accounts. The G-Analytics JS-sniffer variant performing these attacks is especially threatening because it does not depend on one particular payment platform but can instead intercept information on a wide variety of payment platforms. It is paramount that computer users carrying out online payments are aware of these threats and that administrators of networks and websites containing online payment options enable security measures that can help computer users protect their data from intrusion.

Why the G-Analytics JS-sniffer is Threatening

A bogus payment form displayed by the G-Analytics JS-sniffer tricks computer users into entering their credit card information or PayPal data, thus handing it over to the criminals responsible for the attack. Note that credit card companies and companies like PayPal do sometimes offer refunds and can block payments if computer users are aware that the attack occurred, meaning that computer users should monitor their credit card statements to safeguard against unauthorized charges. Threats like the G-Analytics JS-sniffer are generally available on the Dark Web for purchase or lease. Criminals looking to carry out these attacks will hire the G-Analytics JS-sniffer or similar threats and then compromise the websites using a variety of techniques, often relying on poor security protection or the installation of a backdoor Trojan or Trojan dropper.

Some Particularities of the G-Analytics JS-sniffer Attack

The G-Analytics JS-sniffer variant that uses these tactics injects corrupted code into the affected website's HTML code, as well as into PHP scripts on servers that are designed to handle payments for online retailers. Because of how the G-Analytics JS-sniffer carries out its attack, it can be difficult for server administrators to detect its presence on a device, especially since it imitates Google Analytics and other legitimate servers to hide its activity. The G-Analytics JS-sniffer's associated domain names and scripts are also disguised to look like legitimate services. Once the G-Analytics JS-sniffer has been delivered, the attack has several stages. Apart from injecting the G-Analytics JS-sniffer scripts themselves, the criminals will also deploy bogus payment forms that are loaded from a compromised server, giving the victims of the attack different payment options.
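Because the injected scripts are served from hosts made to resemble Google Analytics, one check a site administrator can run over checkout pages is to list every script whose host looks like an analytics service but is not on the site's approved list. The following Python sketch is an added example, not code from the original article; the approved-host list, the look-alike tokens and the `.example` hosts in the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the analytics hosts this site has actually approved.
ALLOWED_HOSTS = {"www.google-analytics.com", "www.googletagmanager.com"}
# Substrings that make a hostname resemble an analytics service.
LOOKALIKE_TOKENS = ("google", "analytic", "gtag", "gtm")


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src.strip())


def find_lookalike_scripts(html):
    """Return (host, src) for scripts whose host imitates an analytics
    service but is not on the approved list."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # hostname is lowercased by urlparse; None for relative paths.
        host = (urlparse(src).hostname or "").rstrip(".")
        if not host or host in ALLOWED_HOSTS:
            continue  # relative (first-party) path or approved host
        if any(token in host for token in LOOKALIKE_TOKENS):
            findings.append((host, src))
    return findings


# Constructed sample page; the .example hosts are made up for illustration.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="//google-anaiytics.example/analytics.js"></script>
<script src="https://www.Google-Analytics.com.cdn-stats.example/ga.js"></script>
<script src="/static/checkout.js"></script>
<script src="https://cdn.payments.example/widget.js"></script>
</head><body><form id="payment"></form></body></html>
"""

if __name__ == "__main__":
    for host, src in find_lookalike_scripts(SAMPLE_CHECKOUT_HTML):
        print(f"unapproved analytics look-alike: {host} ({src})")
```

The check only catches hosts that imitate analytics names; a third-party host with an unrelated name passes it, so it complements rather than replaces a full script allowlist.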

Further Details Regarding the G-Analytics JS-sniffer Attack

Many different actors and criminal groups can be involved in the same G-Analytics JS-sniffer campaign or attack, and the people who create and develop the G-Analytics JS-sniffer are often not the same people carrying out the attack. The G-Analytics JS-sniffer has numerous variants, which can be customized to suit each specific attack by the criminal group or individual deploying it. The criminals will typically pay between 200 and 6,000 USD for the use of the G-Analytics JS-sniffer, depending on the extent of the attack, the need for support and the intended targets. The responsibility for hosting the resources used in the attack, tracking payments and victims, and deploying these threats is often shared between the various criminals involved, often creating complex relationships or markets.

Protecting Yourself and Your Websites from Threats Like the G-Analytics JS-sniffer

Threats like the G-Analytics JS-sniffer are often installed by leveraging outdated plug-ins and unpatched software and hardware, and by taking advantage of weak passwords and other weak security protection. Because of this, website and server administrators have the responsibility to ensure that their security is up to date. Computer users should exercise caution when carrying out an online payment, checking to make sure that the form and website being used are legitimate.

