A Man-in-the-Browser Attack is an attack in which the attacker uses a Trojan to infect a browser, exploiting its security vulnerabilities, and then modifies transaction content, mainly for financial gain.
In a Man-in-the-Browser Attack, the attacker eavesdrops on the pages visited with the affected browser and, whenever a transaction is made (especially a financial transaction, on a banking site for example), modifies the transaction contents without the user's knowledge. This works even though a secure communication channel is used, because the malicious code runs inside the browser itself, where the data is handled before it is encrypted and after it is decrypted.
How is a Man-in-the-Browser Attack perpetrated?
Studies suggest that Man-in-the-Browser Attacks mainly follow the steps below:
- A user's computer gets infected by a Trojan.
- The Trojan installs a malicious extension in the browser.
- The next time the user restarts the browser, the extension is loaded automatically.
- The extension registers a handler for every page load, which tracks all the pages loaded by the browser and matches them against a list of known websites.
- Whenever the user loads a page from the extension's list of known websites, the extension registers a button event handler.
- The user provides their authentication information and logs into the web application.
- The user fills in the form for a transaction, a banking transaction for example.
- The extension intercepts the communication. It notes down the data entered by the user, modifies it, and sends the modified data to the web application.
- The web application performs the transaction according to the modified data and sends the receipt.
- The extension intercepts the communication again and replaces the data in the receipt with the data the user originally entered.
- The user sees a receipt showing the data they provided, so nothing looks wrong.
Man-in-the-Browser Attacks are very difficult to detect, since most anti-virus software does not normally detect them.
Countermeasures for Man-in-the-Browser Attacks
A Man-in-the-Browser Attack is difficult to detect, and it is one of the most serious recent threats. No method of defense can guarantee our safety, but there are a couple of steps we can take to protect ourselves better.
Closely monitoring any change in browser settings is one way of catching this attack. Browser extensions and scripting should be limited. Do not use a browser extension unless you are sure of its authenticity.
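As an added illustration of the monitoring idea above (this is example code written for this article, not a tool from the original post), the script below takes a baseline of every file under a browser's extension directory and later reports anything that was added, removed or modified, which is exactly the footprint a Trojan-installed extension leaves behind. The extension directory layout is a constructed fixture built in a temporary folder, and the names `trusted-ext` and `unknown-ext` are assumptions for the demonstration; point `snapshot()` at the real profile directory of the browser you want to watch.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map every file below root (path relative to root, POSIX style) to its SHA-256."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(baseline: dict, current: dict) -> dict:
    """Report files that appeared, disappeared or changed since the baseline was taken."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def extensions_touched(report: dict) -> list:
    """Top-level directory names (one per extension) that the report mentions."""
    paths = report["added"] + report["removed"] + report["changed"]
    return sorted({p.split("/", 1)[0] for p in paths})


def demo() -> dict:
    """Constructed scenario: one trusted extension is installed, a baseline is taken,
    then an unknown extension appears and the trusted one's script is modified."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        trusted = root / "trusted-ext"          # assumed name of a legitimate extension
        trusted.mkdir()
        (trusted / "manifest.json").write_text(json.dumps({"name": "Trusted", "version": "1.0"}))
        (trusted / "background.js").write_text("// benign script\n")
        baseline = snapshot(root)               # taken once, on a machine believed clean

        unknown = root / "unknown-ext"          # assumed name of an extension that appeared later
        unknown.mkdir()
        (unknown / "manifest.json").write_text(json.dumps({"name": "Unknown", "version": "0.1"}))
        (trusted / "background.js").write_text("// modified script\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    report = demo()
    print(report)
    print("Extensions to review:", extensions_touched(report))
```

The baseline must be stored somewhere the browser cannot write to (a separate user account or a remote log), otherwise the same malware that installs the extension can simply refresh the baseline.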
Banks should be aware of this type of attack. Some banks provide anti-malware tools to prevent Man-in-the-Browser attacks, which helps at times, though users should beware of rogue tools passed off as anti-malware tools.
Transaction verification is another step web applications can take to prevent this attack: the details of a transaction are confirmed with the user over a channel the browser does not control, so any modification made inside the browser becomes visible before the transaction is executed. Many banks use this method.
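The following is an added, self-contained example of transaction verification (written for this article; it is not code from any bank or from the original post). The bank side derives a confirmation code with an HMAC over the transfer details it actually received and sends details plus code over a second channel; the user only types the code back if the details match what they intended. The account numbers, the key `SERVER_KEY` and the message format are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed server-side key for the example; a real deployment keeps this in an HSM or KMS.
SERVER_KEY = b"example-only-key-not-for-real-use"


@dataclass(frozen=True)
class Transfer:
    to_account: str
    amount_cents: int

    def describe(self) -> str:
        return f"Transfer {self.amount_cents / 100:.2f} to {self.to_account}"


class TransactionVerifier:
    """Bank side. The confirmation code is an HMAC over the transfer details the server
    actually received, so a code only ever authorises exactly those details. Details and
    code travel together over a second channel (SMS, banking app) that an infected
    browser does not sit on."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = {}      # txn_id -> (Transfer, nonce)
        self.executed = []      # transfers that were actually carried out

    def _code(self, transfer: Transfer, nonce: str) -> str:
        msg = f"{nonce}|{transfer.to_account}|{transfer.amount_cents}".encode()
        mac = hmac.new(self._key, msg, hashlib.sha256).digest()
        return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"  # 8-digit code

    def request_transfer(self, transfer: Transfer):
        """Called with whatever the browser submitted. Returns the transaction id and
        the out-of-band message the user will see on the second device."""
        txn_id = secrets.token_hex(8)
        nonce = secrets.token_hex(8)   # fresh per request, so a code cannot be replayed
        self._pending[txn_id] = (transfer, nonce)
        message = f"{transfer.describe()}? Code: {self._code(transfer, nonce)}"
        return txn_id, message

    def confirm(self, txn_id: str, code_entered: str) -> bool:
        entry = self._pending.pop(txn_id, None)   # one attempt per transaction
        if entry is None:
            return False
        transfer, nonce = entry
        if not hmac.compare_digest(self._code(transfer, nonce), code_entered):
            return False
        self.executed.append(transfer)
        return True


def user_reviews(message: str, intended: Transfer) -> Optional[str]:
    """User side: read the message on the second device and hand over the code only
    if recipient and amount are what was actually typed into the form."""
    if not message.startswith(intended.describe() + "?"):
        return None
    return message.rsplit("Code: ", 1)[1]


def simulate(browser_tampers: bool) -> bool:
    """Run one transfer end to end; returns whether the bank executed it."""
    bank = TransactionVerifier(SERVER_KEY)
    intended = Transfer("ACCT-FRIEND-0001", 5000)          # constructed account id
    # What the server receives: in the tampered case the recipient was swapped in the browser.
    submitted = Transfer("ACCT-MULE-9999", 5000) if browser_tampers else intended
    txn_id, message = bank.request_transfer(submitted)
    code = user_reviews(message, intended)
    if code is None:
        return False        # user declines; nothing is executed
    return bank.confirm(txn_id, code)


if __name__ == "__main__":
    print("clean browser, transfer executed:", simulate(False))
    print("tampered browser, transfer executed:", simulate(True))
```

The point the simulation makes is that the out-of-band message shows the recipient the server actually received, not the one the browser displayed, so a swapped account number is caught by the user before `confirm()` is ever reached. Binding the code to the details (rather than sending a plain one-time password) also means a code phished for one transfer is useless for any other.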
Users should also educate themselves about this attack and use common sense when using sensitive web applications.
So, this was another article to inform
you about one more recent threat. Hope it has helped you.