28th March, 2017
Man-in-the-Browser (MitB) attack is one of the most harmful forms of online threats prevalent in the recent times. It involves the use of a Trojan horse to gain access to the target user’s online banking credentials, financial details, account numbers and other sensitive information. The hacker uses a phishing approach to trick the user to click on a link that directs him to a website with manipulated form fields. A Man-in-the-Browser attack is quite difficult to detect as it does not hamper the normal functioning of the web browser.
Man-in-the-Browser attack can be specifically risky because of the following reasons:
- It does not require complex hacking or phishing techniques to gain access to the user’s web browser.
- It cannot be detected by anti-virus software.
- Since the attack operates between the browser and the user’s input, it can easily circumvent the standard security measure, such as two factor authentication.
How Does A Man-In-The-Browser Attack Work?
Just like other online attacks, a Man-in-the-Browser attack also begins by infecting the user’s computer with a malware. This may be done by compelling the user to download a malicious attachment, visit a fake website or click on a malware injected URL. Once the system has been infected, the malware remains in stealth mode until the user performs the desired action, such as access an online banking account or visit a shopping website.
At this stage, the malware gets activated and creates a code to add extra input fields in the web page. When the user enters the information in these fields, it gets transmitted to the hacker. The Man-in-the-Browser attack can even involve secretly manipulating data on the website, such as account number or amount to be transferred to initiate illegitimate transactions without the knowledge of the user.
How To Prevent Against Man-In-The-Browser Attack?
- Keep your web browser, operating system and other software updated as well as properly patched.
- Install anti-malware software on your computer system and update it frequently.
- Be careful while filling form fields on online banking and shopping websites. If you are asked to fill in additional form fields, provide more
- information than is normally required or re-enter your password, you should close the browser and start a new session.
- Keep a check on browser extensions. Make sure you use only reputed extensions and disable the ones that are no longer required.
We, at Centex Technologies, provide complete information security solutions to business firms in Central Texas. For more information, feel free to call us at (855) 375 – 9654.