The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at

Man in the browser attacks your online transaction – BullGuard


It’s subtle. It’s malicious. It’s the man in your browser.  And it’s after your online credentials.


Sounds alarming? Well, it should. Of all the internet security threats you face while you’re browsing the web, shopping and banking, the man-in-the-browser attack is arguably the most dangerous. Cybercrooks use this attack method to capture confidential information (password, security codes, credit card numbers etc.) that they can use to their advantage. And the online banking sector is specifically targeted.


Some man-in-the-browser attacks can even bypass the two-factor authentication methods used by some banks. And these techniques can affect not only the internet security of the respective banks and their users, but potentially of the whole online banking sector.



What’s the story of the insider?


Cybercriminals have been using the man-in-the-browser hacking method for several years now, in ever-more sophisticated attacks. It relies heavily on malware – Trojan horses, to be more specific. The Trojan cybercriminals love to use in their attacks on online banking areas is the notorious ZEUS. First identified in 2007, Zeus has been messing with people’s internet security, either in its original form or in mergers with other Trojans (like Spyeye).


While browsing around, you may come across a malicious site that may convince you to download some freeware. But what you don’t know is that along with the free stuff you can also download the mighty Zeus. Falling for phishing schemes is another common way to catch Zeus onto your computer. And this is when your internet security gets compromised. Once settled onto your PC, Zeus’ malicious code starts stealing your precious information or harming your system.



How can the man in the browser manipulate your banking transaction?


In early February 2012, BBC’s Click programme showed how powerful a man-in-the-browser attack can be. They’ve even created a custom Zeus-like piece of malware to describe the “man in the browser”, and they used this test tool to see how existent internet security tools “reacted” to it.


So, as it turns out, in this particular type of attack – man-in-the-browser – the malicious code settles comfortably in your web browser. There it rests dormant until you visit your bank account. When you try to log in, Zeus activates itself and manipulates your browser to show a fake login page that looks exactly like the login page of your bank’s website, with just a few minor exceptions: additional boxes where you have to fill in information your bank wouldn’t ask you for – card security/verification codes, or even your PIN.


Once you unknowingly enter those details, cybercriminals can breach your internet security and take over your account. They can:


  • Modify transaction content or insert additional transactions, all in a covert fashion, invisible to you and your bank. Basically, with the help of the infected browser, the attacker gets between you and your bank. You are shown the exact information you entered for the transaction, while your bank “sees” a totally different destination account number and/or amount.
  • Adjust account balance, so that you don’t figure out the scam.
  • Hide records of fraudulent money transfers in your transaction history.


How’s all this for an internet security breach?


Now, you can either be afraid of falling victim to an internet security scam of this gravity, or do something about it and defend yourself. Good news is BullGuard’s internet security suite can defend you, without you having to raise a finger, against even the newest forms of such attacks. And that’s been demonstrated in the test conducted by Malware Research Group on behalf of BBC’s Click.



How to spot a man-in-the-browser attack and protect your internet security?


  • If your transaction takes longer than normal, there’s a chance it’s part of a fraudulent process. The same goes for unusual computer slow-downs.


  • If you’re asked to fill in more information than usual, details that your bank wouldn’t normally ask for – especially if you’re asked for your entire password when on previous occasions you had to enter only parts of it – this might be a sign that your internet security was compromised by a man-in-the-browser attack.


  • If you suspect something is wrong with your account, contact your bank by phone – check your credit card for the official phone number – not by e-mail.  Verify with them what transactions are showing on your account, and how many times your account has been accessed lately, to see if their answers match your own.


  • Keep all the applications on your PC up-to-date, especially your internet security program and your browser. BullGuard Internet Security 12 may come in handy thanks to its Vulnerability Scanner, which checks for out-dated versions and recommends patches and updates.


  • The best offense is good defence. Make sure you have effective internet security on your PC. As demonstrated by BBC’s, BullGuard’s internet security suite is at its highest game when it comes to man-in-the-browser-attacks. And this is due to its Behavioural Detection technology that spots malware of all types, no matter how old or new, by how it acts in your system. The idea behind it? “If it walks like a virus and dances like a virus it probably is, and is therefore quarantined.”

Was this article helpful?