Universal Man In The Browser Attack Evolves To Take Data From Any Website

A dangerous Man in the Browser (MitB) attack has been spotted, and security experts have warned it can pilfer any data a user enters, regardless of what website they are on.

Standard MitB attacks typically collect information like login credentials and credit card numbers entered by the victim in a specific web site. MitB malware also requires the cyber criminal to do plenty of “post-processing” to parse the logs and extract the valuable data, security firm Trusteer noted.

“In comparison, uMitB [Universal Man in the Browser] does not target a specific website. Instead, it collects data entered in the browser at all websites and uses ‘generic’ real time logic on the form submissions to perform the equivalent of post-processing,” said Trusteer’s CTO Amit Klein.

Making Man In The Browser easy

“This attack can target victims of new infections as well as machines that were previously infected by updating the existing malware with a new configuration. The data stolen by uMitB malware is stored in a portal where it is organised and sold.”

The company warned that uMitB, as it is so simple to use and takes away a lot of the work for the hacker, could become a popular choice amongst fraudsters.  “For example, it could be used to automate card fraud by integrating with and feeding freshly stolen information to card selling web sites,” the company warned.

“The impact of uMitB could be significant since information stolen in real-time is typically much more valuable than ‘stale’ information, plus it eliminates the complexities associated with current post-processing approaches.”

At the heart of the problem is malware, which has to get onto the user’s machine before it can do any uMitB work. Users will have to hope their security protections block uMitB malware before it causes carnage.

See the video below from Trusteer on how these attacks can work:

How well do you know Internet security? Try our quiz and find out!