Fraudsters can target the information entered by a victim on all websites

Oct 5, 2012 13:11 GMT

It’s a known fact that cybercriminals often rely on man-in-the-browser (MitB) attacks to steal highly sensitive data from unsuspecting internet users. However, experts found that criminals have taken these operations to the next level with Universal Man-in-the-Browser (uMitB) attacks.

MitB attacks are utilized to collect the data entered by a user on a specific website, but for them to be successful, the criminals have to parse the logs and extract the valuable details in what’s called “post-processing.”

Unlike the classic ones, uMitB attacks don’t target only a specific website. Instead, generic real-time logic is applied during the submission process, and data entered on all websites is collected.

“This attack can target victims of new infections as well as machines that were previously infected by updating the existing malware with a new configuration. The data stolen by uMitB malware is stored in a portal where it is organized and sold,” Trusteer’s CTO Amit Klein explains.

“uMitB’s ability to steal sensitive data without targeting a specific website and perform real-time post-processing removes much of the friction associated with traditional MitB attacks,” he adds.

According to researchers, card fraud could be automated with these attacks by connecting them to carding websites. Cybercriminals could ensure that each time a set of credentials is stolen, it would be automatically fed to the fraud site.

Another advantage of uMitB is that the information stolen in real time is worth considerably more than “stale” information. Furthermore, the issues associated with post-processing would be eliminated.

However, all is not lost. While these attacks are far more complex, they can still be stopped. Since they rely on classic pieces of malware, the effects of all types of financial fraud campaigns can be mitigated if endpoints are properly secured.

Here is a video demonstrating uMitB attacks: