Real-time data theft with "Universal Man-in-the-Browser"
Contributed by: Email on 10/05/2012 02:50 PM
US security company Trusteer has identified a new type of man-in-the-browser (MitB) attack, which is both easier to use and more efficient than previously known MitB attacks. What marks this particular piece of spyware out is its integrated logic, which enables it to analyse stolen data in real time, allowing it to be sold on extremely rapidly. Trusteer has christened this new MitB "Universal Man-in-the-Browser" (uMitB).
A man-in-the-browser (MitB) is a trojan that hooks itself into a browser as an add-on and sniffs out or modifies data. Victims are usually unaware that their data is being skimmed, as they can still access and use target sites as normal.
Standard MitB modules, such as those used by online banking malware Zeus, target specific web sites, such as banking sites. They may also record data pertaining to other web sites, but this is recorded in a very general form and any captured data has to be subsequently analysed manually.
The MitB described by Trusteer is marked out by its speed (real-time) and the fact that it analyses data directly "inline". Credit card data and security (CVV) codes are extracted and transferred to the malware operator's servers immediately. This has the advantage for fraudsters that fresh data offers a greater chance of success and is worth more on the black market. A (silent) video by Trusteer shows the Universal MitB working.
One Size fits all