Man-in-the-Browser Attack (MitB)
Man-in-the-browser is a form of man-in-the-middle attack where an attacker is able to insert himself into the communications channel between two trusting parties by compromising a Web browser used by one of the parties, for the purpose of eavesdropping, data theft and/or session tampering.
Man-in-the-browser is often used by attackers to carry out various forms of financial fraud, typically by manipulating Internet Banking Services.
In order to compromise the browser, adversaries can take advantage of security vulnerabilities and/or manipulate inherent browser functionality to change content, modify behavior, and intercept information. Various forms of malware, most typically malware referred to as a Trojan horse, can be used to carry out the attack.
Out-of-band (OOB) transaction verification is a method of verifying the details of a transaction carried out using first communications channel – e.g. PC communicating with a Web server over the internet – by communicating verification information over a separate communications channel – e.g. sending a verification code using a cellular network to a mobile device associated with the account holder. OOB verification is used to overcome possible compromise of the channel used to originate the transaction, and is considered an effective measure to overcome man-in-the-browser attacks.
Man-in-the-mobile is possible, with two prominent examples being Zeus-in-the-mobile (ZitMo) and Spyeye-in-the-mobile (SpitMo).
There are many examples for man-in-the-browser malware and attack campaigns targeting online banking and other internet services. Infamous names of malware used include: Zeus, Spyeye, Bugat, Carberp, Silon, Tatanga, and more.
A proxy trojan is a type of Trojan horse designed to use the victim’s computer as a proxy server. It can intercept all requests to the real application – e.g. the victim’s Web browser – to see if it can fulfill the requests itself. If not, it forwards the request to the real application code. This gives the attacker the opportunity to do almost anything from the victim’s computer.
Certain types of MitB feature proxy trojan functionality.
Clickjacking is when at attacker tricks a web browser user into clicking on something different from what the user perceives, by means of malicious code in the webpage. It is most commonly used on ecommerce websites to cause users to click on links or images that redirect them to a different commerce site that might belong to a competitor or will be used to carry out a phishing attack.
Boy-in-the-browser (BitB) is a form of attack where the attacker uses malware to change the victim’s computer network routing to perform a classic man-in-the-middle attack. Once the routing changes are made, the malware may remove itself to hide its tracks and make detection more difficult.
Since a men-in-the-browser requires the installation of Trojan malware on the target computer, attackers use different phishing approaches to get their victims to cooperate. Once the Trojan Horse has infected the system, the attacker can then know all the user’s destinations on the internet. Many Trojans designed for men-in-the-browser can then generate code for extra input fields to appear on websites the user visits, thus gleaning all types of personal data.