KoolSpan U: Weekly Word Wednesday – Man In The Browser Attack
After the recent security breaches at Target, the NSA, and almost anywhere you turn these days, a majority of internet users are aware of the threats they face while surfing the net. Most have experienced some type of hacker attack, whether it be browser hijacking or a redirection to a fraudulent website or a pop-up ad, but most have avoided what is known as “a man in the browser” attack.
This kind of attack is a step up from conventional browser hijacking, in that no suspicious link or notification is involved. The perpetrator achieves anonymity by installing a Trojan horse onto the victim’s computer, which then alters information sent and received over the web in real time. Once the victim enters a URL into the browser that the perpetrator is interested in, the perpetrator is not only able to retrieve information and keystrokes from the current web transactions but also to act as the server and send replies enabling him to lure further information from the victim.
Man in the browser attacks have been used mostly in financial fraud, which is likely due to the high price and high level of technology needed to carry out the attack. Securing devices with anti-virus software and hardware such as the Koolspan TrustChip can ensure that devices are less likely to be infected by such damaging attacks that are increasingly damaging with the amount of information stored on mobile devices.