Definition of the Day: Man in the Browser Attack


Imagine this scenario:

You’ve logged into your bank account to transfer funds and make payroll. You enter the temporary 9-digit code from the electronic Fob your bank issued to secure online transactions. But your bank account is empty! You’re a victim of cyber theft.

Cyber-attacks that manage to grab and use your Fob code from your banking security device are completely automated, often through what’s known as a Man-in-the-Browser attack.

A Man-in-the-Browser attack is when an attacker effectively takes control of your web browser. The attacker can capture anything you type while using the infected browser and can also make changes to the web pages you are visiting. A Man-in-the-Browser attack usually starts when you click on an online advertisement or clickbait article. The attacker has altered the ad or article so that clicking on it triggers a process that injects Man-in-the-Browser malware into your browser in the form of a browser add-on or plugin. Once loaded, the malware shuts down the browser, often mimicking a crash. After re-launching, everything you type and access through that browser is recorded to a remote ‘drop server’ in another country, perhaps Romania.

The hacker now controls your browser. From there, the malware monitors your activity and, when you access a bank website, it can insert extra fields into the bank web page asking for your Fob code. The web page looks like your bank’s website, and so you enter the code.

Seconds later your entire bank account is drained and transferred to a ‘mule’ account controlled by the attacker. Then, your money is wired from that account to an attacker-controlled bank, usually in a remote area along the Sino-Russian interior, never to be clawed back.
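The extra-field injection described above can be caught by comparing the form the browser actually renders against what the site expects to serve. The following is an added example, not code from this page or from BankVault; the manifest shape, field names and URLs are assumptions made for illustration.

```javascript
// Added example; the manifest shape, field names and URLs are assumptions.
// What the site says its own login form looks like (constructed sample).
const EXPECTED_FORM = {
  action: "https://bank.example/login",
  fields: { username: "text", password: "password", csrf: "hidden" },
};

// Compare an observed form against the manifest and return a list of findings.
function auditForm(expected, observed) {
  const findings = [];
  const expTypes = new Map(Object.entries(expected.fields));
  let obsOrigin = null;
  try {
    // Resolve relative actions against the expected URL.
    obsOrigin = new URL(observed.action, expected.action).origin;
  } catch (_) { /* unparsable action falls through as a mismatch */ }
  if (obsOrigin !== new URL(expected.action).origin) {
    findings.push({ kind: "action-origin-changed", detail: String(observed.action) });
  }
  const seen = new Set();
  for (const f of observed.fields) {
    seen.add(f.name);
    if (!expTypes.has(f.name)) {
      findings.push({ kind: "unexpected-field", detail: f.name });
    } else if (expTypes.get(f.name) !== f.type) {
      findings.push({ kind: "type-changed", detail: f.name });
    }
  }
  for (const name of expTypes.keys()) {
    if (!seen.has(name)) findings.push({ kind: "missing-field", detail: name });
  }
  return findings;
}

// In a browser: turn a live <form> element into the observed shape.
function snapshotForm(form) {
  const els = Array.from(form.querySelectorAll("input, select, textarea"));
  return { action: form.getAttribute("action") || "",
           fields: els.map((el) => ({ name: el.name || el.id, type: el.type })) };
}

// Constructed samples: the clean form, then the same form with an added code field.
const CLEAN = { action: "/login", fields: [
  { name: "username", type: "text" }, { name: "password", type: "password" },
  { name: "csrf", type: "hidden" }] };
const TAMPERED = { action: "/login",
  fields: [...CLEAN.fields, { name: "fob_code", type: "text" }] };

console.log(auditForm(EXPECTED_FORM, TAMPERED));
```

Because this check runs inside the same browser it is inspecting, its report is a signal to corroborate server-side rather than proof that the page is clean.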

Man-in-the-Browser attacks are particularly dangerous for three important reasons.

  1. They don’t require complex phishing to take control of your browser. It’s as simple as accessing a web page.
  2. They aren’t viruses and thus can’t be detected by anti-virus software.
  3. They easily thwart 2-factor authentication because they record the security Fob’s unique numerical code in real time to use in real time.

The only fail-safe solution to prevent this today is BankVault. When you connect to a BankVault session, you automatically sidestep any online threat that may be trying to steal money from your bank account.