GetBilling JS-sniffer

By GoldSparrow in Malware

The GetBilling JS-sniffer is part of a large family of sniffers, which are corrupted scripts designed to collect victims' credit card or online payment information when they make purchases online. Threats like the GetBilling JS-sniffer are typically based on JavaScript and are embedded into payment websites, where they grab the victims' payment information during a purchase. They often have numerous variants, each customized for a different payment platform, such as Magento and Shopify. Threats like the GetBilling JS-sniffer first started to appear in 2017 but didn't receive attention until some high-profile attacks in 2018 alerted PC security researchers to the potential of these attacks to cause considerable financial hardship. In 2019, PC security researchers started to track threats like the GetBilling JS-sniffer seriously, resulting in dozens of variants being detected carrying out attacks around the world.

How a PC can Get Infected by the GetBilling JS-sniffer Malware

One aspect of threats like the GetBilling JS-sniffer is that they conceal their functionality by hiding in plain sight, looking like legitimate analytics scripts used for delivering advertisements or tracking computer users' information. The GetBilling JS-sniffer and similar threats are generally delivered through corrupted plug-ins for the targeted websites and, once installed, add corrupted scripts that activate when a user makes a payment using the website. The GetBilling JS-sniffer is the software equivalent of the skimming devices used to collect credit card information at points of sale or ATMs. Once the victim enters their credit card information into the website, the GetBilling JS-sniffer intercepts the payment data, taking note of the victim's name, address, card numbers, verification codes, and other information entered when making a purchase. This information is sent in encrypted form to the GetBilling JS-sniffer's Command and Control servers, where it can then be used to carry out credit card fraud and empty the victim's accounts or, more likely, sold in bulk to third parties that use it for similar purposes.

What’s Involved in Carrying Out the GetBilling JS-sniffer Attacks

One of the problems with confronting threats like the GetBilling JS-sniffer is that there are numerous moving parts involved in carrying out these attacks. Generally, the criminals that create and develop threats like the GetBilling JS-sniffer do not carry out the attacks themselves but, instead, lease or sell these threats to third parties. These third parties use other malware or social engineering campaigns to distribute the GetBilling JS-sniffer to their targets, often customizing their attacks to suit particular victims. However, they usually do not use the collected credit card numbers themselves. Instead, the numbers are sold in bulk on the black market, where other criminals can buy them and use them as part of various credit card or banking fraud operations.

Mitigating the Effects of Threats Like the GetBilling JS-sniffer

To stop threats like the GetBilling JS-sniffer, credit card companies, website administrators, and computer users will need to work together. Website administrators must make sure that their payment platforms are free of corrupted scripts. Since threats like the GetBilling JS-sniffer typically lie dormant until they collect the victims' data, administrators need to scan their website traffic regularly in search of any unauthorized encrypted communication. Credit card users should monitor their transactions, since the criminals using collected information will generally make small purchases that can add up quickly but can be difficult to detect. It is also crucial to activate two-factor authentication and other security measures that can help computer users prevent these tactics. When carrying out any online payment, computer users should remain on guard for fake payment pages and other corrupted content that can be used to collect information, especially if the website where the purchase is being made appears to have poor security or upkeep overall, which may point to possible neglect from its administrators.
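
One way a website administrator could check a payment page for unexpected scripts is sketched below. It is an added example, not code from the original article or from any vendor: it inventories every script on a checkout page and flags those loaded from hosts outside an approved list, third-party scripts without a Subresource Integrity hash (a browser feature the article does not mention), and inline scripts. The host names, the allowlist, and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this shop has approved for its checkout page (constructed).
ALLOWED_HOSTS = {"shop.example", "js.payments.example"}
# Constructed sample checkout page; not taken from any real site.
SAMPLE_CHECKOUT = """
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/sdk.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.analytics-metrics.example/ga.js"></script>
<script>var cart = {total: 42};</script>
</head><body><form id="payment"></form></body></html>
"""

class ScriptInventory(HTMLParser):
    """Collects every <script> tag with its source host and SRI status."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attrs = dict(attrs)
            src = attrs.get("src")
            # Relative URLs have no hostname, so they load from the page's own host.
            host = (urlparse(src).hostname or self.page_host) if src else None
            self.scripts.append({"src": src, "host": host,
                                 "sri": bool(attrs.get("integrity"))})

def audit_checkout(html, page_host, allowed_hosts):
    """Return (src, reason) findings for scripts that need manual review."""
    parser = ScriptInventory(page_host)
    parser.feed(html)
    findings = []
    for s in parser.scripts:
        if s["src"] is None:
            findings.append(("<inline>", "inline script: diff against known-good copy"))
        elif s["host"] not in allowed_hosts:
            findings.append((s["src"], "host not on allowlist"))
        elif s["host"] != page_host and not s["sri"]:
            findings.append((s["src"], "third-party script without integrity hash"))
    return findings

if __name__ == "__main__":
    for src, reason in audit_checkout(SAMPLE_CHECKOUT, "shop.example", ALLOWED_HOSTS):
        print(f"REVIEW {src}: {reason}")
```

Running the audit on a schedule and comparing the findings against the previous run shows when a plug-in update has added a script that was not there before.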
