is one of them. JS-sniffer is a malicious code that is injected into the websites designed to steal customer payment data, personal details, credentials etc. Until recently, when the first RiskIQ report on this type of malware was published, the threat posed by JS-sniffers remained under the radar of malware analysts, who deemed it insignificant and unworthy of an in-depth research. However, several incidents have shown the opposite to be true, including 380,000 victims of a JS-sniffer that infected the British Airways website and mobile app, the compromise of Ticketmaster users' payment data, and the recent incident involving the UK website of the international sporting goods giant Fila, which could have led to the theft of payment details of at least 5,600 customers. All these incidents indicate that this threat has to be taken seriously.
In our recent comprehensive report
, Group-IB researchers analyzed 2440
infected ecommerce websites all around the world with a total of around 1.5
million unique daily visitors whose data could have been compromised. When a website is infected, everyone is potentially a victim – online shoppers, ecommerce websites, payment processing systems, and banks that issued compromised cards. Group-IB's report features an in-depth analysis of JS-sniffers' darknet market, their entire infrastructure and the monetization methods, which bring their developers millions of dollars. This is a first blog post in a series that features detailed technical analysis of different families of JS-sniffers.