Researchers have discovered a new type of attack: man-in-the-browser
Universal Man-in-the-Browser attack is by introducing malicious extensions for web-browser.
According to the experts on information security from antivirus company Trusteer, the researchers discovered a new type of virus attacks – universal attack man-in-the-browser (Universal Man-in-the-Browser). According to them, the universal design, this method is the use of a Trojan application that resides in the web-browser malware victims extension runs when you restart the browser.
Note that this attack is not a “universal” design is the capture user is directed to a specific web-site (usually a bank). This allows hackers to modify the appearance of a portal, kidnap victim, or authentication data transferred by the user to redirect funds to a third-party account.
Otherwise, mark in Trusteer, when virus writers spend a universal attack man-in-the-browser, under the attacker’s control, without exception, gets all the traffic of the compromised system, not just one that is addressed to a specific web-resource.
Among other things, it allows you to set a malicious web-browser extension to collect all the data entered by the victim on any web-sites. In this case, the criminals do not need to further process the information collected, as the attack is carried out in real time.
Note that experts published in the appropriate YouTube videos that demonstrate the application of Universal Man-in-the-Browser:
“Almost each of the IT technology similar story happened. SMTP protocol devised with a view to delivery reliability, but of unsolicited messages (spam) is not thinking. Then it was too late to change everything. Memory access for programs not supplied authentication mechanisms for speed and versatility. And that lived nearly half of all vulnerabilities, “– says in his blog, the expert from the company InfoWatch Nikolai Fedotov.
You can view the Trusteer’s report here.