New Boy In The Browser Attacks On The Rise

  /     /     /  
Publicated : 22/11/2024   Category : security

New Boy In The Browser Attacks On The Rise


Researchers at Imperva identify proxy Trojan attack targeting banks, retailers, and Google thats a less-sophisticated knock-off of man-in-the-browser


SAN FRANCISCO, CA -- RSA Conference 2011 -- A new but familiar type of attack on the rise is a spin-off of the proxy Trojan, keylogger, and man-in-the-browser (MITB) attack. The boy-in-the-browser (BITB) attack -- so named as a less sophisticated form of MITB -- may be immature, but its efficient, easy, and targeting users visiting their banks, retailers, and even Google.
It reroutes a [victims] traffic without them being aware ... Its so effective because its quick to modify itself so antivirus cant detect it. Its great for a quick-hit attack, says Noa Bar-Yosef, senior security strategist with Imperva, which issued a security alert today on this attack technique that its researchers have spotted in the wild.
BITB is basically a dumbed-down MITB in which the attacker infects a user with its Trojan, either via a drive-by download or by luring the user to click on an infected link on a site. The Trojan reconfigures the victims hosts file and reroutes the victims traffic for a specific website -- say, a bank or an online retailer -- and to the attackers own server posing as that site. Then the BITB attacker can intercept or modify the transaction. Its difficult to detect, Bar-Yosef says, because the victim sees the same URL he or she was requesting.
Bar-Yosef says the BITB is a low-cost and relatively easy attack to wage. Nine Latin American banks have been targeted with this attack, and another attack went after Google for ad fraud. In the Google attack, the attackers basically reconfigured the search engine address of different Google regional URLs, such as www.google.co.uk, which was rerouted to the attackers URL that appeared similar to the Google page. When the victim searches on the Google site, the request is sent to the attackers server, thus letting the attacker collect ad clicks or steal the victims persistent cookies, for instance.
That particular BITM attack was uncharacteristically simple to detect because the page wasnt a perfect match to the legitimate Google site, Bar-Yosef says, but in most cases, there are no obvious clues with these attacks.
Impervas advisory on the attacks is
here
.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
New Boy In The Browser Attacks On The Rise