Trusteer researchers have discovered a new type of man-in-the-browser (MitB) attack that does not target specific sites, but instead collects data submitted to all websites. The attack is now referred to as the universal man-in-the-browser (uMitB) attack.
This “universal” MitB attack, discovered by researchers at Trusteer, is different from traditional attacks, as it speeds up how data is stolen and may be used in automated campaigns.
Traditional MitB attacks are generally triggered when the victim's computer is infected with malware that allows attackers to collect sensitive data (credit card numbers, login credentials) entered by the victim on a specific website. Generally the malware has a specific list of websites it monitors for data entry.
However, the traditional attack requires post-processing by the fraudster to parse the logs and extract the valuable data. Parsers are easily available for purchase in underground markets, while some criminals simply sell off the logs in bulk.
According to the Trusteer report, the universal MitB attack doesn't bother with a list of targeted sites but monitors all sites loaded in the web browser. The data stolen by uMitB malware is stored in a portal where it is organized and sold.
uMitB performs real-time post-processing, which removes much of the friction associated with traditional MitB attacks. For example, it could be used to automate card fraud by integrating with and feeding freshly stolen information to card-selling web sites.
Trusteer suggests that the best protection against these kinds of man-in-the-middle and other fraud attacks is to secure the endpoint against malware.