Prevention
- Security Assessment
- Red Teaming
- Compliance Audit
- Pre-IR Assessment
- Compromise Assessment
- Cyber Education
- GIB Crypto
Crime without punishment: in-depth analysis of JS-sniffers
JS-sniffers pose a growing threat by attacking online stores and stealing payment data and credentials of their users. Group-IB experts have researched this type of malware and have discovered at least 38 families of JS-sniffers, whereas only 12 were known previously.
View reportTry Threat Intelligence & Attribution
Key facts
Group-IB experts have discovered 38 different JS-sniffer families, whereas only 12 were known previously
The total daily number of visitors of all the infected sites exceeds 1.5 million people
By selling compromised payment data cybercriminals can earn from $1 to $5 per card
JS-sniffers can be bought or rented on underground forums, with their price ranging from $250 to $5,000
This class of malware seemed to be a rather primitive threat to large players like banks and payment systems, since JS-sniffers were believed to target small online stores. Now, however, it is time to question that belief. When a site is infected, everyone is involved in the chain of victims — end users, payment systems, banks that issued compromised cards, and companies that sell their goods and services online.
The urgency of the problem is linked to its potentially huge audience (today, almost all of us use online stores). Group-IB Threat Intelligence & Attribution specialists continuously monitor the appearance of new JS-sniffers and appeal to the cybersecurity community to take a closer look at this growing threat.
Viktor Okorokov
Threat Intelligence & Attribution analyst
Group-IB research on targeted attack groups
Ransomware Uncovered 2021/2022
The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®
Hi-Tech Crime Trends 2021/2022 part I
Uninvited Guests: The sale of access to corporate networks
Analysis of dark web forums to understand the sale of access to compromised infrastructure.
Hi-Tech Crime Trends 2021/2022 part II
Corporansom: Threat number one
The history and analysis of affiliate programs and trends in the ransomware market.
Hi-Tech Crime Trends 2021/2022 part III
Big Money: Threats to financial sector
A look at the cyber threat landscape: ransomware attacks, carding activity, network access sales, phishing and scams.
Hi-Tech Crime Trends 2021/2022 part V
Scams and Phishing: The epidemic of online fraud
New fraud technologies & an analysis of schemes, tools and infrastructure
RedCurl: The Awakening
Commercial cyber espionage remains a rare and largely unique phenomenon. We cannot rule out, however, that RedCurl’s success could lead to a new trend in the cybercrime arena.
Ransomware Uncovered 2020/2021
The complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®
Hi-Tech Crime Trends 2020/2021
Source of strategic data on the global cyber threat landscape and forecasts for its development
UltraRank: the unexpected twist of a JS-sniffer triple threat
New stage in JS-sniffers research. From analyzing malware families to identifying threat actors. For five years, the cybercriminal group UltraRank has conducted campaigns using JS-sniffers and managed to stay unnoticed for the most part.
RedCurl: The pentest
you didn’t know about
Research of the new espionage APT-group RedCurl and its elaborate attacks on enterprise companies in North America, Europe and CIS.
Online Piracy Research:
Jolly Roger’s patrons
Group-IB exposes financial crime network
of online pirates in developing countries.
of online pirates in developing countries.
Fxmsp: “The invisible god of networks”
The evolution of Fxmsp — one of the most notorious and prolific sellers of access to corporate networks on underground forums. Group-IB researchers analyzed Fxmsp’s activity on underground forums for three years and discovered that the threat actor had compromised networks of more than 130 targets.
Hi-Tech Crime Trends 2019/20
Strategic intelligence data on state-sponsored groups, industry-specific cyberthreats, targeted attacks on banks and banking clients.
Attacks by Silence
A comprehensive technical analysis of Silence’s tools, tactics, and evolution. This is the first time Group‑IB’s reports of this kind have been made publicly available.
Hi-Tech Crime Trends 2018
Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively.
2018 Cryptocurrency Exchanges
Estimation of the number of login and passwords leaks of cryptoсurrency exchanges users and analysis their nature. Recommendations for ensuring security of users and exchanges.
Cobalt: their evolution and joint operations
Learn about Cobalt’s development and modification of tools and tactics which were used to steal approximately 1 billion dollars from over 100 banks in 40 different countries.
Hi-Tech Crime Trends 2017
Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively.
Lazarus Arisen: Architecture, Tools and Attribution
Lazarus group targets the largest international banks as well as central banks in various countries.
Hi-Tech Crime Trends 2016
Learn about the evolution of cyber crime in 2016 and find out what predictions for 2017 came true. Spoiler: most of them did.
MoneyTaker
This hacker group is noticeable for 1.5 years of silent operations and multiple attacks. They still pose a threat: learn about MoneyTaker techniques and indicators of compromise now.
Buhtrap
From August 2015 to February 2016 Buhtrap managed to conduct 13 successful attacks against Russian banks for a total amount of 1.8 billion rubles ($25 mln.
Analysis of attacks against trading and bank card system
Group-IB annual report on speculative fluctuations of exchange rate and other incidents in 2015 caused by the Trojan program Corkow (Metel).
Anunak: APT against financial institutions
This research includes the findings of Group-IB and Fox‑IT on Anunak (Carbanak) group, which focused its activity on banks and electronic payment systems.
Ransomware Uncovered 2021/2022
The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®
Hi-Tech Crime Trends 2021/2022 part I
Uninvited Guests: The sale of access to corporate networks
Analysis of dark web forums to understand the sale of access to compromised infrastructure.
Hi-Tech Crime Trends 2021/2022 part II
Corporansom: Threat number one
The history and analysis of affiliate programs and trends in the ransomware market.
Hi-Tech Crime Trends 2021/2022 part III
Big Money: Threats to financial sector
A look at the cyber threat landscape: ransomware attacks, carding activity, network access sales, phishing and scams.
Hi-Tech Crime Trends 2021/2022 part V
Scams and Phishing: The epidemic of online fraud
New fraud technologies & an analysis of schemes, tools and infrastructure
RedCurl: The Awakening
Commercial cyber espionage remains a rare and largely unique phenomenon. We cannot rule out, however, that RedCurl’s success could lead to a new trend in the cybercrime arena.
Ransomware Uncovered 2020/2021
The complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®
Hi-Tech Crime Trends 2020/2021
Source of strategic data on the global cyber threat landscape and forecasts for its development
UltraRank: the unexpected twist of a JS-sniffer triple threat
New stage in JS-sniffers research. From analyzing malware families to identifying threat actors. For five years, the cybercriminal group UltraRank has conducted campaigns using JS-sniffers and managed to stay unnoticed for the most part.
RedCurl: The pentest
you didn’t know about
Research of the new espionage APT-group RedCurl and its elaborate attacks on enterprise companies in North America, Europe and CIS.
Online Piracy Research:
Jolly Roger’s patrons
Group-IB exposes financial crime network
of online pirates in developing countries.
of online pirates in developing countries.
Fxmsp: “The invisible god of networks”
The evolution of Fxmsp — one of the most notorious and prolific sellers of access to corporate networks on underground forums. Group-IB researchers analyzed Fxmsp’s activity on underground forums for three years and discovered that the threat actor had compromised networks of more than 130 targets.
Hi-Tech Crime Trends 2019/20
Strategic intelligence data on state-sponsored groups, industry-specific cyberthreats, targeted attacks on banks and banking clients.
Attacks by Silence
A comprehensive technical analysis of Silence’s tools, tactics, and evolution. This is the first time Group‑IB’s reports of this kind have been made publicly available.
Hi-Tech Crime Trends 2018
Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively.
2018 Cryptocurrency Exchanges
Estimation of the number of login and passwords leaks of cryptoсurrency exchanges users and analysis their nature. Recommendations for ensuring security of users and exchanges.
Cobalt: their evolution and joint operations
Learn about Cobalt’s development and modification of tools and tactics which were used to steal approximately 1 billion dollars from over 100 banks in 40 different countries.
Hi-Tech Crime Trends 2017
Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively.
Lazarus Arisen: Architecture, Tools and Attribution
Lazarus group targets the largest international banks as well as central banks in various countries.
Hi-Tech Crime Trends 2016
Learn about the evolution of cyber crime in 2016 and find out what predictions for 2017 came true. Spoiler: most of them did.
MoneyTaker
This hacker group is noticeable for 1.5 years of silent operations and multiple attacks. They still pose a threat: learn about MoneyTaker techniques and indicators of compromise now.
Buhtrap
From August 2015 to February 2016 Buhtrap managed to conduct 13 successful attacks against Russian banks for a total amount of 1.8 billion rubles ($25 mln.
Analysis of attacks against trading and bank card system
Group-IB annual report on speculative fluctuations of exchange rate and other incidents in 2015 caused by the Trojan program Corkow (Metel).
Anunak: APT against financial institutions
This research includes the findings of Group-IB and Fox‑IT on Anunak (Carbanak) group, which focused its activity on banks and electronic payment systems.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Advanced protection against cyber threats
Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Threat Intelligence & Attribution
Аctionable, finished intelligence to track actors and prevent attacks before they happen
Threat Hunting Framework
Comprehensive solution to protect corporate network, hunt for threats and respond to even the most complex cyber attacks
Fraud Hunting Platform
Client-side digital identity protection and fraud prevention in real time
Digital Risk Protection
Al-driven online platform for external digital risk identification and migration