If you were to name the different types of attack methods cybercriminals use, it would keep you busy for some time. There are many wide and different attack vectors.

But there is one that has been gaining ground over the past few years and yet remains relatively unknown to many people. Dubbed as a Man-in-the-Browser attack (MitB), it is a form of content manipulation in which cybercriminals take advantage of vulnerabilities in a browser to gain full control over a user’s activity.  

  • MitB malware inserted into a browser can view and steal information as a user types into the browser.
  • It can also alter elements within a browser and inject content such as new fields without the user knowing about it.
  • This changes the functionality of the webpage. For instance, MitB malware can inject a new field into a webpage asking for date of birth or passport number to be entered into a login form.
  • The webpage appears the same to the user because the original URL and SSL protections (green padlock on browser bar) are the same.

In short, MitB malware sniffs, captures and modifies information as it travels between the user interface of the infected browser and the internet.

  • The malware can view everything that the end-user sees and can also do everything that the end-user can do with a browser.
  • Login credentials and other sensitive information are captured directly from the browser memory.
  • If the user of an infected system visits a banking website, the malware can modify the transactions as they are typed into the internet browser, for instance, directing payments to a criminal’s account.

The really scary thing about this MitB malware is that is virtually undetectable. While cyber-protection such as encryption, multi-factor authentication, firewalls, and antivirus software prevents the majority of attacks, MitB is immune to such measures and can remain invisible to users.

To date, MITB attacks have typically been used to target financial transactions. The malware can carry out fraudulent money transfers or payments, and the banking application that is being used will not be able to detect any fraudulent activity because the correct credentials have been entered.

The malware is typically delivered via malicious email attachments, links, or even when a user visits an infected website. Good cybersecurity housekeeping can defend against these delivery methods but a new attack vector is emerging that can easily result in home users and small offices becoming infected. This is MitB infection via browser extensions.

  • Browser extensions, or plug-ins, by design have full access to most of the browser’s resources and information being entered and saved within the browser.
  • Cybercriminals are injecting malicious codes inside browsers disguised as benign-looking browser extensions so they can gain unlimited access to all the data within the browser.
  • This approach enables them to gain cover against traditional cybersecurity systems that catch only malware executable and software exploits.

BullGuard’s custom-built secure browser provides layered protection against a wide range of well-known and dangerously damaging browser-based attacks including MitB threats.

It doesn’t automatically load cookies, plug-ins or extensions without your knowledge so you won’t unwittingly download a plug-in that is an extension for MitB malware.

If there is a browser extension you do want to download but are unsure of its legitimacy follow these tips before loading it:

  • Check out the developer’s website to make sure it is legitimate. You can usually find the developer’s name under the name of the extension. If you can’t find a developer’s name, then avoid using the extension.
  • Check out user reviews – they can be useful but watch out for reviews that glow too much, they could well be fake.
  • Carry out an internet search to see if the browser extension has been flagged as a security risk.

By using BullGuard Secure Browser and keeping these tips in mind, you’ll keep nasty MitB malware at bay. BullGuard Secure Browser is now available in BullGuard Internet Security and BullGuard Premium Protection.