
Man-in-the-Browser (MitB)

Web Page Injection and Tampering

Fraudsters use Man-in-the-Browser (MitB) malware to capture data or to social engineer users into surrendering login credentials and other sensitive information. Man-in-the-Browser malware infects the end user’s device, injects new HTML into web pages served by the web server, and captures information directly from the browser’s memory.
MitB web injection techniques integrate seamlessly into the web application’s look and feel and retain the original URL and SSL protections. For all intents and purposes, the injected page looks like an original page served by the bank and can challenge even the most sophisticated, security-aware end users.
Some MitB attacks inject additional fields into the login page to capture extra information from the victim. Figure 1 below shows a screen capture, taken from a real malware attack, in which two fields were added to the login screen of an online banking site: “Generated Token Password” and “Wire Pin.”
 
Figure 1: Added Fields to Online Banking Login Page
 
Many malware configurations leverage the MitB attack to inject an entire page (or a sequence of pages) designed to social engineer the end user into providing information or performing an action. Figure 2 shows a screenshot of a real web inject into a popular web site. Unsuspecting users are encouraged to enter sensitive personal information (in this case, credit card data) under the pretense of “extra security measures.”
 
Figure 2: Social engineering with full page injection
 
MitB malware leverages browser add-ons and Document Object Model (DOM) interfaces, and patches browser executable files, to gain access to application data. To protect against MitB attacks, organizations need to ensure that browser interfaces are not maliciously accessed or tampered with and that end users’ devices are free of MitB malware.
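The field-injection technique of Figure 1 can be detected on the client by comparing the live login form against the schema the site actually served. The following is an added example, not code from the original page or from any vendor product; the function names (`auditLoginForm`, `snapshotForm`), the `form#login` selector and the sample field list are assumptions for this illustration.

```javascript
// Added example (not from the original page): detect fields injected into,
// removed from, or altered on a login form by comparing the live form
// against the schema the site expects to have served.

// Schema of the legitimate login form, as the site knows it served it.
const EXPECTED_LOGIN_FIELDS = [
  { name: "username", type: "text" },
  { name: "password", type: "password" },
];

// Compare observed fields ({name, type}) against the expected schema.
// Returns injected (unexpected), missing, and modified (type changed) fields.
function auditLoginForm(observedFields, expectedFields = EXPECTED_LOGIN_FIELDS) {
  const expected = new Map(expectedFields.map((f) => [f.name, f.type]));
  const observed = new Map(observedFields.map((f) => [f.name, f.type]));
  const injected = [];
  const modified = [];
  for (const [name, type] of observed) {
    if (!expected.has(name)) injected.push(name);
    else if (expected.get(name) !== type) modified.push({ name, from: expected.get(name), to: type });
  }
  const missing = [...expected.keys()].filter((name) => !observed.has(name));
  const tampered = injected.length + missing.length + modified.length > 0;
  return { injected, missing, modified, tampered };
}

// Snapshot the live form's input fields (browser only).
function snapshotForm(form) {
  return Array.from(form.querySelectorAll("input")).map((el) => ({ name: el.name, type: el.type }));
}

// Browser-only wiring: audit on load and again whenever the form's DOM changes.
if (typeof document !== "undefined") {
  const form = document.querySelector("form#login"); // assumed selector
  if (form) {
    const report = () => {
      const r = auditLoginForm(snapshotForm(form));
      if (r.tampered) console.warn("login form tampered", r); // e.g. send to fraud telemetry
    };
    new MutationObserver(report).observe(form, { childList: true, subtree: true, attributes: true });
    report();
  }
}

// Constructed sample mirroring Figure 1: two fields added to the login form.
const SAMPLE_INJECTED_FORM = [
  { name: "username", type: "text" },
  { name: "password", type: "password" },
  { name: "generated_token_password", type: "password" },
  { name: "wire_pin", type: "password" },
];
```

Because the malware already controls the browser it can also strip or neutralise this script, so treat a tamper report as a detection signal to feed into fraud analysis rather than a guarantee of page integrity.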
 

Protect against malicious access to the browser 

Organizations need to control all access to browser interfaces (add-ons, APIs and the DOM) to prevent data theft and end user social engineering. This ensures that sensitive HTML information is not captured and that page content is not tampered with. The ability to detect, analyze and block unauthorized attempts to override browser functions can help prevent fraud through compromised endpoints until the threat is fully removed.

Prevent and Remove Malware Infections 

MitB attacks are carried out by malware residing on the end user’s machine. Organizations need to ensure endpoints are not compromised by malware by disabling the exploit code used in drive-by-download infection attempts and by blocking malware downloaders and installers. If a device is already infected, automated malware removal cleans up the endpoint quickly and cheaply.