Researchers have discovered a new type of Man-in-the-Browser (MItB) attack that is Website independent, and does not target specific Websites, but instead collects data submitted to all sites.
Trusteer have discovered a new Man in the Browser (MitB) scam that can collects data submitted to all websites without the need for post-processing.
According to Trusteer’s CTO Amit Klein: “In comparison, uMitB does not target a specific web site. Instead, it collects data entered in the browser at all websites and uses “generic” real time logic on the form submissions to perform the equivalent of post-processing. This attack can target victims of new infections as well as machines that were previously infected by updating the existing malware with a new configuration. The data stolen by uMitB malware is stored in a portal where it is organized and sold.”
In a YouTube video, the company demonstrated how the attack could happen. The video showed how a user could enter personal and financial information in a Web form on multiple Websites. After submitting the forms, the video showed a screenshot of the console used by the cyber-attacker. The console displayed the credit card data harvested from those sites, in what appears to be real-time data extraction.
For example, it could be used to automate card fraud by integrating with and feeding freshly stolen information to card selling web sites. The impact of uMitB could be significant since information stolen in real-time is typically much more valuable than “stale” information, plus it eliminates the complexities associated with current post-processing approaches.