Man-in-the-Browser (MitB) Attack – Are You a Victim?
A man-in-the-browser attack, which is quite similar to a man-in-the-middle (MitM) attack, is a highly effective and sophisticated threat that can compromise the security of your computer and sensitive data such as passwords, security codes and credit card information. This kind of attack occurs when malicious code infects an Internet browser to modify the actions of a user, or even to initiate an action independently.
How can it happen?
Like most other attacks over the Internet, this attack begins with a malware infection. A cyber-criminal can prompt you to install an updated version of some software that is actually malware in disguise, and such requests can closely resemble those of legitimate software vendors. Most users do not see the need to scrutinize the origin of such requests and accept them, thus unwittingly infecting their browsers. This kind of malware, which is highly customized and morphed by its developer, escapes the virus filters that are created to detect generic virus types.
The malware waits in stealth mode until you visit a particular website. When the targeted action happens, the malicious software leaps into action and manipulates the page by injecting extra fields to collect the victim's sensitive information, or it can act as a keystroke logger to steal data. There are many types of such malware, each with different targets hard-coded into it. Some target e-commerce applications, and others aim at social-networking accounts.
You may come up with solutions such as scrutinizing URLs and verifying the look-and-feel of a specific website, but remember that your browser is entirely compromised and it can tamper with anything that you are supposed to see in your account, including the ‘personality’ of the website. It could be the balance sheet of your Internet banking account, where everything looks perfect, but your money could have been transferred to some unauthorized account. Some cyber-criminals have even successfully bypassed many two-factor authentication methods that are employed to secure online transactions.
Can you protect your browser?
Yes! You can do your best at your end to secure your browser. Be vigilant when it comes to filling in ‘extra’ fields on a website. It could be ‘anonymous’ malware waiting to slurp your sensitive data. Browser plugins can help to ensure a secure connection, but keep in mind that attackers can think beyond the browser plugin functionality to find a loophole. You could choose to use your personal system to perform online financial transactions or to check your other ‘hush-hush’ accounts.
Most importantly, keep your browsers and operating systems patched and up to date, because updated versions contain not only some attractive features but also essential security updates that you cannot afford to miss. If you are running outdated versions, they could be vulnerable and put your sensitive data at risk. Pick out and install an effective security tool that can detect various types of browser infections. A hardened browser can keep you out of trouble most of the time, if not always.
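The ‘extra’ fields described above can be detected by comparing a form as the site serves it with the form as the browser ends up rendering it. The following is an added example, not code from the original article; the function names and both HTML snippets are constructed for illustration. Because a compromised browser can also tamper with in-page checks, the result is one signal rather than a guarantee.

```javascript
// Added example: diff a form's fields as served vs. as rendered in the browser.
// SERVED and RENDERED below are constructed sample data.

// Collect name -> type for every <input>, <select> and <textarea> in an HTML string.
function extractFields(html) {
  const fields = new Map();
  const tagRe = /<(input|select|textarea)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    let a;
    while ((a = attrRe.exec(m[2])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4];
    }
    const name = attrs.name || attrs.id;
    if (!name) continue; // unnamed controls are not submitted with the form
    const tag = m[1].toLowerCase();
    const type = tag === 'input' ? (attrs.type || 'text').toLowerCase() : tag;
    fields.set(name, type);
  }
  return fields;
}

// Report fields that exist only in the rendered page, or whose type changed.
function diffFields(servedHtml, renderedHtml) {
  const served = extractFields(servedHtml);
  const findings = [];
  for (const [name, type] of extractFields(renderedHtml)) {
    if (!served.has(name)) findings.push({ name, type, issue: 'injected' });
    else if (served.get(name) !== type) findings.push({ name, type, issue: 'type-changed' });
  }
  return findings;
}

const SERVED = `<form id="login" action="/session" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
</form>`;

const RENDERED = `<form id="login" action="/session" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="card_number">
  <input type="text" name="atm_pin">
</form>`;

console.log(diffFields(SERVED, RENDERED));
```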
Cloud Security Architect
9 years ago: Awesome information on MitB... Looking forward to reading your next post... Cheers!!!
Security Engineer at AWS | Ex-Tesla | Black Hat & DEFCON Speaker | Awarded by PM of India & Sri Lanka | Featured in Reuters, Vice, and more
9 years ago: Informative Article. BEEF and Armitage can also be used to take over browsers using unverified browser extensions injection. That was also presented in one IEEE paper and here is the source of Beef strike, https://github.com/benyG/Beefstrike
GRC manager leading ISO 27001 | PCIDSS compliance | SIEM and Vulnerability Management. CISSP and wannabe CCSP
9 years ago: This attack is quite similar to 'cross site scripting'.