Security News > 2020 > August > Magecart’s Success Paves Way For Cybercriminal Credit Card ‘Sniffer’ Market
"The biggest takeaway is that there exists a market, demanded by cybercriminals, for threat actors to advertise customized sniffer variants to conduct attacks against e-commerce websites through malicious JavaScript injection," researchers with Recorded Future told Threatpost, on Thursday.
One such Russian-speaking threat actor currently making waves is called "Billar," which created and is the sole designer of a payment card sniffer called "Mr.SNIFFA." This sniffer was first debuted on Exploit Forum on Dec. 3, 2019, and is currently being advertised for about $3,000.
Another group of bad actors, which go under the monikor Sochi, tout a JS sniffer variant called "Inter," which has been active on forums like Exploit, Verified, and Club2CRD since Dec. 2018.
While researchers did not identify evidence of these threat actors using or selling compromised carding data that was retrieved from their customized sniffers, "Given that the purpose of sniffers is to steal payment card information and that information only has value if it is monetized, it is very likely that the card information must have been either sold or used to purchase goods online which are then resold," they said.
"Due to multiple attack vectors that threat actors can use to inject malicious JS code as well as the publicly known financial successes associated with Magecart attacks, threat actors are not only likely to continue to target payment process systems on vulnerable websites but are likely to continue to develop and sell customized sniffers that are capable of defeating updated security measures and alerts," said researchers.