A dangerous Man in the Browser (MitB) attack has been spotted, and security experts have warned it can pilfer any data a user enters, regardless of what website they are on.
Standard MitB attacks typically collect information like login credentials and credit card numbers entered by the victim in a specific web site. MitB malware also requires the cyber criminal to do plenty of “post-processing” to parse the logs and extract the valuable data, security firm Trusteer noted.
“This attack can target victims of new infections as well as machines that were previously infected by updating the existing malware with a new configuration. The data stolen by uMitB malware is stored in a portal where it is organised and sold.”
The company warned that uMitB, as it is so simple to use and takes away a lot of the work for the hacker, could become a popular choice amongst fraudsters. “For example, it could be used to automate card fraud by integrating with and feeding freshly stolen information to card selling web sites,” the company warned.
“The impact of uMitB could be significant since information stolen in real-time is typically much more valuable than ‘stale’ information, plus it eliminates the complexities associated with current post-processing approaches.”
At the heart of the problem is malware, which has to get onto the user’s machine before it can do any uMitB work. Users will have to hope their security protections block uMitB malware before it causes carnage.
See the video below from Trusteer on how these attacks can work:
How well do you know Internet security? Try our quiz and find out!
AI push sees Alphabet's Google saying it will consolidate its AI teams in its Research…
Beijing orders Apple to pull Meta's WhatsApp and Threads from its Chinese App Store over…
Key milestone sees Intel Foundry assemble ASML's new “High NA EUV” lithography tool, to begin…
Oracle's huge AI, Cloud investment in Japan will meet growing local demand and address digital…
People who create sexually explicit ‘deepfakes’ of adults will face prosecution under a new law…
Protest at cloud contract with Israel results in staff firings, in addition to layoffs of…