What is a man-in-the-browser attack?
A man-in-the-browser attack is a situation in which your browser becomes infected with a virus that installs a special extension in the browser. The goal of this malicious extension is to steal your bank account details and other personal information for financial gain. Man-in-the-browser attacks are technically complicated and expensive to carry out, and they are difficult to prevent too. The upside is that they are only possible when you use Internet Explorer, the default browser in Windows operating systems. It’s important to note that man-in-the-browser attacks most often happen when a person downloads a browser extension from a developer’s website instead of from the official browser store, as these stores require that all extensions offered there are free from malware.
How do man-in-the-browser attacks work?
As stated above, man-in-the-browser attacks are very complicated from a technical point of view. They are not simple scareware or adware programs, which are generally easy to detect, avoid and get rid of. Most often, users don’t realize they are under attack until after their money has been stolen by hackers. So what exactly happens during a man-in-the-browser attack? Once the user of an infected browser visits their online banking website and initiates a transfer, the malicious extension detects it and replaces the information entered in the transfer request with new values. For instance, the recipient account will be changed to the hacker’s account. This is done while the transfer form is being sent to the bank server, so the user can’t see that the data has been changed. Once a confirmation form is sent from the bank to the user for approval, the extension changes the values again and displays the correct, original form to the user. The user approves the transfer, and the data is changed back to the hacker’s information before it’s sent to the bank’s server. The bank then completes the fraudulent transfer without either the user or the bank itself suspecting that anything is wrong. Since all the transfer information is changed secretly by the extension, it is very difficult for the user to prove to the bank that they didn’t initiate this transfer themselves.
How to prevent man-in-the-browser attacks?
If you are a business owner, one of the easiest ways you can protect your clients from becoming victims of man-in-the-browser attacks is to use a secure, one-binary client that effectively makes man-in-the-browser attacks impossible. Another way to protect yourself and your clients is by using two-factor authorization. This way, when a user tries to make a bank transfer, they need to confirm the transaction in a bank app, via email or via text message. The authorization request message should contain all the transaction details to allow the user to verify that they haven’t been changed by a hacker. Lastly, in order to improve cybersecurity, all computer users need to be educated on the different types of hacks that are out there, how to identify them and what to do if they suspect that they’ve been hacked.
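One way a bank server could implement the confirmation step described above, as an added example that is not code from the original article: the message for the second channel is built from the transfer details the server actually received, and the code it carries is only valid for those exact details. The field names, key handling, six-digit code length and sample account labels are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: a server-side secret that is never exposed to the browser.
SERVER_KEY = secrets.token_bytes(32)
FIELDS = ("txn_id", "recipient", "amount", "currency")  # hypothetical field names


def confirmation_code(txn: dict, digits: int = 6) -> str:
    """Derive a short code bound to the exact details the server received."""
    # JSON list encoding is unambiguous, so fields cannot bleed into each other.
    canonical = json.dumps([txn[f] for f in FIELDS], separators=(",", ":")).encode()
    mac = hmac.new(SERVER_KEY, canonical, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


def out_of_band_message(txn: dict) -> str:
    """Message for the second channel (bank app, e-mail or text), not the browser."""
    return (f"Transfer {txn['amount']} {txn['currency']} to {txn['recipient']}. "
            f"Enter code {confirmation_code(txn)} only if these details are correct.")


def approve(txn_to_execute: dict, code_from_user: str) -> bool:
    """Recompute the code over the transfer about to run; constant-time compare."""
    return hmac.compare_digest(confirmation_code(txn_to_execute), code_from_user)


# Constructed sample data: what the user typed vs. what reached the server.
INTENDED = {"txn_id": "T-1001", "recipient": "ACCT-INTENDED-0001",
            "amount": "250.00", "currency": "EUR"}
RECEIVED_TAMPERED = dict(INTENDED, recipient="ACCT-OTHER-9999")

if __name__ == "__main__":
    # The message is built from what the server received, so the changed
    # recipient is visible to the user on a channel the browser cannot rewrite.
    print(out_of_band_message(RECEIVED_TAMPERED))
    # A code issued for the intended transfer does not approve the altered one.
    code = confirmation_code(INTENDED)
    print(approve(INTENDED, code), approve(RECEIVED_TAMPERED, code))
```

The protection depends on the user reading the recipient and amount in the out-of-band message before entering the code, which is why the message has to carry the full transaction details.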