
FakeCDN JS-sniffer

Posted: April 10, 2019

The FakeCDN JS-sniffer is a family of Trojan sniffers that can intercept your information while you're shopping on the Web. Unlike most spyware, which infects the user's device or PC, the FakeCDN JS-sniffer compromises the vendor's website and injects corrupted scripts that it can disguise to avoid suspicion. Anti-malware browser security for customers and anti-malware site-scanning solutions for site admins can help with blocking or removing the FakeCDN JS-sniffer's members.

A 'CDN' Turns to Theft Instead of Delivery

Trojan sniffers are becoming an ever-more-developed ecosystem, consisting of programmers who develop the threats and sell them to other criminals, similarly to the Ransomware-as-a-Service sector. One of the families in this category, the FakeCDN JS-sniffer, supplements its attacks with social engineering tricks for hiding itself and misdirecting any guesses about its identity. While malware experts aren't compiling any conclusive statistics on its total profits, the FakeCDN JS-sniffer Trojan is adept both at exfiltrating information and at making itself seem harmless while doing so.

The FakeCDN JS-sniffer, like other Trojan sniffer families (see also: the Qoogle JS-sniffer, the G-Analytics JS-sniffer, the ImageID JS-sniffer, or the MagentoName JS-sniffer), can be inserted into a website's code after the brute-forcing of a login or the abuse of software vulnerabilities. The second option remains relevant to the FakeCDN JS-sniffer due to its correlation with targets using CMS options like WordPress or Magento, especially since the FakeCDN JS-sniffer isn't a 'generic' Trojan sniffer and can compromise only sites that are using compatible management software.

The FakeCDN JS-sniffer runs its scripts when Web traffic goes through the site's payment-processing features, and, like competing Trojans, will disguise its attempts at collecting data as being requests from non-corrupted sites or services. The FakeCDN JS-sniffer has particular ties to social engineering tactics that fake affiliations with Content Delivery Networks, or CDNs, some of the most prominent of which include Cloudflare, Amazon's CloudFront, and Akamai Technologies (the latter is indirectly a subject of interest in some pop-up attacks, as per Rvzr-a.akamaihd.net and Rvzr2-a.akamaihd.net). The use of a well-known brand for its URL requests and redirects efficiently hides the fact that the attack is coming from an implanted Trojan.

The Anti-Sniffing Techniques for Both Sides of the Web

The FakeCDN JS-sniffer is a possible issue for all server administrators running any of various brands of CMSes, which are under regular attack by threat actors seeking randomly-vulnerable targets. Updating server software to its latest version is necessary for keeping all vulnerabilities minimal, and using passwords with high levels of complexity isn't negotiable for stopping brute-force attempts. Other solutions may vary with your chosen software platform, although anti-malware solutions always exist for identifying and removing Trojans from a website's code.
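As an added example (not part of the original article), here is one check a site administrator could run against the CDN disguise described above: list the hosts a checkout page loads scripts from and flag any that carry a CDN brand name, or a near miss of one, on a domain outside the allowlist. The allowlist, the brand list, the two-label domain simplification and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumptions: the CDN domains this shop really uses, and the brand names to watch.
ALLOWED_DOMAINS = {"cloudflare.com", "cloudfront.net", "akamaihd.net"}
BRANDS = ("cloudflare", "cloudfront", "akamai")

class ScriptSources(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []  # src attribute of every <script> tag seen
    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get("src"):
            self.sources.append(dict(attrs)["src"])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def classify(host, site_host):
    """'allowed', 'lookalike' (brand or near miss on a foreign domain) or 'unknown'."""
    host = host.lower().rstrip(".")
    registrable = ".".join(host.split(".")[-2:])  # simplification: last two labels
    if host == site_host or registrable in ALLOWED_DOMAINS:
        return "allowed"
    tokens = re.split(r"[.-]", host)
    near = any(edit_distance(t, b) <= 2 for t in tokens for b in BRANDS)
    return "lookalike" if near else "unknown"

def audit(html, site_host):
    parser = ScriptSources()
    parser.feed(html)
    # Relative URLs have no hostname (None) and are served by the site itself.
    hosts = {urlparse(src).hostname for src in parser.sources} - {None}
    return {h: classify(h, site_host) for h in sorted(hosts)}

# Constructed sample checkout page; every .example host is invented.
SAMPLE = """
<script src="/static/checkout.js"></script>
<script src="https://cdnjs.cloudflare.com/lib.js"></script>
<script src="https://cdn.cloudflaer.example/lib.js"></script>
<script src="//cloudfront-cdn.example/a.js"></script>
<script src="https://widgets.partner.example/w.js"></script>
"""
print(audit(SAMPLE, "shop.example"))
```

A host reported as 'unknown' is not cleared by this check; it only means the name does not imitate one of the listed brands, so it still needs review against the site's known integrations.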

Users can take advantage of JavaScript and domain-blocking features for their browsers and related security software. While making online purchases, they should remain alert to unusual behavior, even if it appears to come from the 'right' website, such as requests for more than the ordinary level of confirmation information related to credit or debit cards, or one's identity. A traditional anti-malware product should block these attacks, although preventing future incidents requires the website maintainer to remove the FakeCDN JS-sniffer's Trojan.

The FakeCDN JS-sniffer can be as harmful as slipshod security behavior lets it be, but its use of a highly-marketed brand makes trusting it easy for its victims. Paying very close attention to even a single, 'off' letter in a Web address could be all that keeps you from giving your information over to a Black Hat.
