ImageID JS-sniffer

By GoldSparrow in Malware

The ImageID JS-sniffer is a program that uses JavaScript to intercept a user's banking data when it is entered on compromised sites. It is a relatively new cyber threat and a member of the Magecart malware family. "Magecart" is a blanket term for several cyber threats associated with JavaScript-based skimming malware uploaded to online stores. The ImageID JS-sniffer is designed to record the credit card numbers, usernames, addresses, login credentials, passwords, and banking verification codes that Web surfers enter on checkout pages.

Computer security experts reported that the ImageID JS-sniffer is a set of scripts that are planted on breached e-commerce platforms. The threat actors behind CoffeeMokko are said to use corrupted site plug-ins, zero-day vulnerabilities, spear phishing attacks and remote desktop attacks as vectors for entering targeted e-shops. In-depth analysis of more than 2500 samples revealed that the ImageID JS-sniffer is suited to run on sites that include payment systems from PayPal, Verisign, eWAY, Sage Pay, WorldPay, Stripe, USAePay, and a few others. To avoid raising suspicion, threats like the ImageID JS-sniffer are typically embedded into the Web analytics service that an e-commerce site is using.

Security reports show that the ImageID JS-sniffer is offered as a service on the black market, and its prices range from $250 to $5000 depending on the intended campaign size and targeted platforms. Technical support for the ImageID JS-sniffer may also be offered as an extra service, considering that it can be modified to support many e-shop systems. E-commerce companies should take steps to secure remote desktop accounts, patch their site plug-ins and make sure to monitor network communications rigorously. Removing the ImageID JS-sniffer malware should not be difficult once you identify the harmful code on your platform.
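One way to start identifying unexpected code on a checkout page is to inventory its script tags against an allowlist, shown here as an added example that is not part of the original entry. The hostnames, the allowlist and the sample page are constructed, and the regex-based tag matching is a simplification of what a DOM parser or headless browser would do.

```javascript
// Added example: list the <script> tags on a checkout page that need review.
// ALLOWED_HOSTS and SAMPLE_HTML are constructed values, not real indicators.
const ALLOWED_HOSTS = new Set(["shop.example", "js.payments.example"]);

const SAMPLE_HTML = `
<html><body>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3/" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://analytics-cdn.example/ga.js"></script>
<script>var cart = {total: 10};</script>
</body></html>`;

function auditScripts(html, pageUrl, allowedHosts) {
  const findings = [];
  const pageOrigin = new URL(pageUrl).origin;
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const srcMatch = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (!srcMatch) {
      // Inline code cannot be checked by host; surface it for manual diffing.
      findings.push({ kind: "inline", detail: m[2].trim().slice(0, 60) });
      continue;
    }
    const src = srcMatch[1] ?? srcMatch[2] ?? srcMatch[3];
    let url;
    try {
      url = new URL(src, pageUrl); // resolves relative paths against the page
    } catch {
      findings.push({ kind: "unparseable-src", detail: src });
      continue;
    }
    if (!allowedHosts.has(url.hostname)) {
      findings.push({ kind: "host-not-allowlisted", detail: url.href });
    } else if (url.origin !== pageOrigin && !/\bintegrity\s*=/i.test(attrs)) {
      // Approved third party, but nothing pins the file's content (no SRI hash).
      findings.push({ kind: "third-party-without-sri", detail: url.href });
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, "https://shop.example/checkout", ALLOWED_HOSTS));
```

Running a check like this on a schedule and comparing the results with the previous run shows when a new script source or a changed inline block appears on the payment page.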
