A Man-in-the-Browser Attack is an attack in which the attacker uses a Trojan to infect a browser by exploiting its security vulnerabilities, and then modifies transaction content, mainly for financial gain.
Using Man-in-the-Browser Attacks, attackers eavesdrop on the pages visited with the affected browser. Whenever a transaction is made, especially a financial transaction on a banking site for example, the Trojan modifies the transaction contents without the user's knowledge, even though secure communication channels are used.
How is a Man-in-the-Browser Attack perpetrated?
Studies suggest that Man-in-the-Browser Attacks mainly follow the steps below:
- A user's computer gets infected by Trojans.
- The Trojan installs a malicious extension in the browser.
- The next time the user restarts the browser, the extension gets loaded automatically.
- The extension registers a handler for every page load, which tracks all the pages loaded by the browser and matches them with a list of known websites.
- Whenever the user loads a page that is on the extension's list of known websites, the extension registers a button event handler.
- The user provides his authentication information and logs into the web application.
- The user fills in the form for the transaction, a banking transaction for example.
- The extension intercepts the communication. It records the data entered by the user, then modifies it and sends the modified data to the web application.
- The web application performs the transaction as per the modified data and sends the receipt.
- The extension again intercepts the communication. It replaces the data in the receipt with the data originally entered by the user.
- The user gets the modified receipt, filled in with the data he provided.
Man-in-the-Browser Attacks are very difficult to detect, as most anti-virus software does not normally detect them.
Countermeasures for Man-in-the-Browser Attacks
A Man-in-the-Browser Attack is difficult to detect. It is one of the most serious recent threats. No method of defense is guaranteed to safeguard us. But there are a couple of steps we can take to protect ourselves better.
Closely monitoring any change in browser settings is one way of preventing this attack. Browser extensions and scripting should be limited. Do not use any browser extension if you are not very sure about its authenticity.
Banks should be aware of this type of attack. Some banks provide anti-malware tools for preventing Man-in-the-Browser attacks. This helps at times. However, users should be wary of rogue tools posing as anti-malware tools.
Transaction verification is another step that can be taken by web applications to prevent this attack. Many banks use this method.
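One way a web application can implement transaction verification, shown as an added example that is not from the original article: the bank sends the details it actually received to a second device and accepts only a code bound to those details. The names `Bank`, `code_for`, `user_approves` and `run`, the transaction fields and the pre-shared device key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

FIELDS = ("payee", "amount", "currency")  # assumed transaction fields

def code_for(key: bytes, nonce: bytes, tx: dict) -> str:
    """6-digit code bound to the exact transaction details and a one-time nonce."""
    msg = nonce + "|".join(f"{f}={tx[f]}" for f in FIELDS).encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

class Bank:
    """Server side: keeps the transaction exactly as it arrived from the browser."""
    def __init__(self, device_key: bytes):
        self.key, self.pending, self.executed = device_key, {}, []

    def submit(self, tx: dict) -> dict:
        tx_id, nonce = secrets.token_hex(4), secrets.token_bytes(16)
        self.pending[tx_id] = (nonce, dict(tx))
        # This message goes to the user's second device, not back through the browser.
        return {"tx_id": tx_id, "nonce": nonce, "details": dict(tx)}

    def confirm(self, tx_id: str, code: str) -> bool:
        nonce, tx = self.pending.pop(tx_id, (None, None))  # one attempt per transaction
        if tx is None or not hmac.compare_digest(code, code_for(self.key, nonce, tx)):
            return False
        self.executed.append(tx)
        return True

def user_approves(intended: dict, oob: dict, key: bytes):
    """Second device: show what the bank received; release a code only if it matches."""
    if any(oob["details"][f] != intended[f] for f in FIELDS):
        return None  # user sees a payee or amount they did not enter and refuses
    return code_for(key, oob["nonce"], oob["details"])

def run(intended: dict, as_sent_by_browser: dict) -> bool:
    key = secrets.token_bytes(32)  # provisioned to the device at enrolment (assumed)
    bank = Bank(key)
    oob = bank.submit(as_sent_by_browser)
    code = user_approves(intended, oob, key)
    return code is not None and bank.confirm(oob["tx_id"], code)

if __name__ == "__main__":
    mine = {"payee": "ACCT-1111", "amount": "100.00", "currency": "EUR"}  # constructed
    print(run(mine, mine))                            # request arrived unmodified
    print(run(mine, {**mine, "payee": "ACCT-9999"}))  # request altered in the browser
```

Because the code is computed over the details the server stored, a receipt rewritten in the browser cannot hide the change: the second device shows the payee and amount the bank will actually use.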
Users should also educate themselves about this attack and use their common sense while using sensitive web applications.
So, this was another article to inform you about one more recent threat. Hope it has helped you.