G-Analytics JS-sniffer

The G-Analytics JS-sniffer is a piece of code that cybercriminals may add to the source code of compromised websites that usually deal with online payments – stores, software purchases, etc. The purpose of the G-Analytics JS-sniffer is to monitor the interactions happening between the website and the visitor silently, and to collect any information that may be used to initiate a payment immediately – this is why the G-Analytics JS-sniffer may often be added to checkout pages so that it will only be used when it has business to do.

The name of this particular JS-sniffer family is derived from the fact that its attackers may attempt to disguise it as a piece of code used by the infamous Google Analytics service. To achieve this, they may use a similar-looking JavaScript code snippet, and also use a fake domain such as Google-analitysc.com to trick non-vigilant users into thinking that this is a legitimate piece of code used by Google. G-Analytics also is one of the JS-sniffer families that may use more than code injection in HTML pages – researchers have noticed cases where the PHP scripts handling the payment processing were also modified by the G-Analytics JS-sniffer’s operators.

Sadly, the consequences of the G-Analytics JS-sniffer’s activity can be very dire for its victims – according to a recently released report, JS-sniffers may have infected over 2,200 websites in the past year, and this may have exposed the payment information of hundreds of thousands of clients. After the attackers obtain the credit card details, either they can use it to make purchases online (but at risk of being caught) or sell it on underground hacking forums simply.

Protecting yourself from the G-Analytics JS-sniffer can be tricky because it does not need to infect your computer to cause damage. The best security measures to take is to avoid browsing untrustworthy websites, as well as use a reputable anti-virus program that will keep an eye out for websites that exhibit suspicious behavior.