ImageID JS-sniffer

The ImageID JS-sniffer (JavaScript sniffer) is a small and unsafe tool that cybercriminals may use to harvest the payment details of users who opt to make purchases from a website infected by the ImageID JS-sniffer. These JavaScript sniffers have gained a lot of popularity in the cybercrime field, and they are being sold on underground hacking forums at relatively low prices currently, therefore making them an accessible way for just about anyone to explore the world of cybercrime. Unfortunately, this is bad news for the users, since it means that there is one more thing to be alert while browsing the Internet.

Sadly, even the most vigilant users might be unable to spot the ImageID JS-sniffer’s attack because of this threat’s unique approach – instead of dropping files to the computers of users, the ImageID JS-sniffer is nested in the source code of a legitimate online store whose security has been compromised by cybercriminals. Often, the code that carries the ImageID JS-sniffer’s payload may be just a few lines long, and the owner of the website might have no idea that it is there. To further improve the stealthy measures of the ImageID JS-sniffer, its authors have attempted to disguise it as a script used by Google Analytics or jQuery. Last but not least, the ImageID JS-sniffer is programmed to stay inactive until the user interacts with the payment form, therefore reducing the time anti-virus software will have to detect and report the threatening script.

Since users may become one of the ImageID JS-sniffer’s victims while browsing legitimate websites, it is impossible to rely on basic security tips and tricks – the best way to protect your payment details from sniffers like this one is to take advantage of the services offered by reputable anti-malware products.