A new credit card sniffer called R3NIN has been discovered for sale on a Russian-language cybercrime forum. The sniffer is a toolkit and panel designed to steal payment card data from compromised e-commerce websites and comes with features such as custom JavaScript code generation and cross-browser exfiltration of data.
The sniffer works by injecting a malicious script directly into a compromised payment merchant site and intercepting all data inputs made by unsuspecting victims.
The script captures input variables, converts them to a string, and sends them to the sniffer panel hosted by the attacker. Attackers also exploit iFrames to trick victims into entering additional data in a fake pop-up window.
Once attackers successfully exfiltrate the victim’s data from a compromised website, it is processed and sold in underground forums for other illicit purposes.
To prevent unauthorized access and compromise of payment systems, e-commerce merchants are strongly encouraged to conduct regular and thorough audits of their payment pages and servers that communicate with payment gateways.
It is crucial for individuals to be aware of these threats and take necessary precautions such as monitoring their payment card transactions for any unusual activity.
