Lazarus BTC Changer. Back in action with JS sniffers redesigned to steal crypto

From securityaffairs.co

In the last five years, JavaScript sniffers have grown into one of the most dangerous threats for e-commerce businesses. The simple nature of such attacks combined with the use of malicious JavaScript code for intercepting payment data attract more and more cybercriminals, and JS-sniffers became one of the most prominent sources of stolen bank cards on underground markets. However, in one recent campaign we saw a big step forward in attacks on e-commerce websites involving JS-sniffers.

In July 2020, Sansec published an article about the attacks on US and European online shops with the use of JavaScript sniffers (JS-sniffers). The researchers attributed the “clientToken=” campaign to the North Korean APT called Lazarus (aka Dark Seoul Gang, HIDDEN COBRA, Guardians of Peace, APT38, APT-C-26, Labyrinth Chollima, Zinc, Bluenoroff, Stardust Chollima).

Read more…