So-called Man in the Browser scam is a common attack by hackers, which relies on people clicking on a link that will take them to a phony Web site. There, malware waits to scoop up any personal information that is entered.
Now a new version has been discovered, says a Boston company that makes endpoint solutions. As this story in NetworkWorld U.S. outlines, Trusteer CTO Amit Klein says the latest iteration can hide on any Web site. Klein dubs it the Universal Man in the Browser.
(Graphic from Shutterstock)
This is no creation of a prankster. According to Klein, the sophistication of its creators is revealed by the fact that there’s a Web portal ready to sell the data that the malware has harvested. What apparently makes this malware cunning is that it can forward data in real-time to scammers; the MitB attack captured data that needed to be filtered.
According to Trusteer, the malware at the moment isn’t on many Web sites. If so, they only have a short period of time to mount a defence.