JS Sniffer exploited in multiple attacks for e-commerce data theft
Target: e-commerce financial framework Magento, OpenCart, Dealer.com, Shopify, WordPress and others
Summary: Researchers have been tracking a new e-commerce financial data theft framework since 2017. JS Sniffer has been mainly leveraged against Magento, an open source e-commerce platform, but has also been observed attacking OpenCart, Dealer.com, Shopify, WordPress and others.
JS Sniffer has been developed as a data scraping tool which sucks up vast amounts of credentials, passwords, financial details and other personal data from its victims. It sits quietly in the background on legitimate websites making many victims unaware that as they enter details for a legitimate transaction, their details are being harvested by cyber-criminal gangs.