AnonyViet - English Version

What is a Man-in-the-Browser attack and how to prevent it?

AnonyViet by AnonyViet
January 25, 2023
in Security

Most people use a browser for everything from logging into a bank account to paying bills, texting, and more. That makes the browser one of the most attractive targets for hackers, and man-in-the-browser is one of the attacks aimed at it.


Taking control of someone’s browser isn’t easy, and popular browsers are designed to prevent it. But hackers can do it using what is known as a man-in-the-browser attack.

So what exactly is a man-in-the-browser attack? And more importantly, how to prevent it?

What is Man-in-the-Browser Attack?


A man-in-the-browser (MitB) attack is when a Trojan is used to intercept or modify data sent between a browser and a web server. This is usually done through unsafe browser extensions, scripts, or Browser Helper Objects (BHOs).

The man-in-the-browser attack is a type of man-in-the-middle attack. It is characterized by interception at the application level, not the network level.

Unlike phishing attacks, users are not required to visit a malicious website. Instead, the user visits a legitimate website but what they actually see is controlled by the attacker.

The man-in-the-browser attack can be used to:

  • Change the look and feel of a website.
  • Add a new column/field.
  • Modify the site’s response to input.
  • Block information sent by users.
  • Modify information submitted by the user.
  • Capture the entire session in real time.

When do Man-in-the-Browser attacks happen?

Man-in-the-browser attacks are mainly carried out against financial transactions, or to steal accounts such as your Facebook account.

For example, when you install a malicious extension, it can take your cookies and Facebook token, or your Internet Banking account information, and send them to the hacker's server. If the attack succeeds, your payment details may be stolen and the payment may even be redirected to another person.

This type of attack can also be used to steal personal information. For example, if you come across an online form asking for your ID/CCCD number, or phone number, personal information…

How do Man-in-the-Browser attacks work?


Man-in-the-browser attacks can be performed in a number of different ways. Here’s how MitB attacks typically work:

  1. You accidentally download a Trojan to your computer. This can happen if you visit the wrong website, download the wrong file, or open the wrong email attachment.
  2. The Trojan installs something that can manipulate your browser, usually a browser extension.
  3. You open your browser and the extension loads automatically. The extension carries a list of websites it targets, and it does nothing until you visit one of them.
  4. You go to a banking website on that list and the extension activates. It records everything you type on the keyboard.
  5. You log into your account and request a bank transfer of 100 million.
  6. The extension modifies the request so that the amount changes from 100 million to 1 billion and the money goes to the attacker’s bank account.
  7. Your bank receives the request, transfers the funds, and responds that the transfer was successful.
  8. The extension modifies your bank’s response, and your browser tells you that 100 million has been successfully transferred.

In this example, neither you nor your bank suspects anything.
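Step 3 gives a defender something to check: an extension can only act on a site if its manifest grants it access to that site. The following is an added example, not code from the original article; it audits Chrome-style extension manifests for access to a site you want to protect. The bank host, extension names, and sample manifests are constructed for illustration.

```python
import json

# Constructed values: the protected site and the sample manifests are made up.
SENSITIVE_HOSTS = {"online.bank.example"}
RISKY_PERMISSIONS = {"cookies", "scripting", "tabs", "webRequest"}

SAMPLE_MANIFESTS = json.loads("""[
 {"name": "Dark Theme Helper", "permissions": ["storage"]},
 {"name": "Coupon Finder", "permissions": ["cookies", "webRequest"],
  "content_scripts": [{"matches": ["*://*.bank.example/*"], "js": ["c.js"]}]},
 {"name": "Page Translator", "permissions": ["scripting"],
  "host_permissions": ["<all_urls>"]}
]""")


def pattern_covers(pattern, host):
    """Return True if a Chrome match pattern applies to `host`."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False
    pat_host = pattern.split("://", 1)[1].split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # "*.x" covers x and its subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host == host


def audit_manifest(manifest):
    """Report which sensitive hosts an extension can read or modify."""
    perms = manifest.get("permissions", [])
    patterns = list(manifest.get("host_permissions", []))  # Manifest V3
    # Manifest V2 lists host patterns among the ordinary permissions.
    patterns += [p for p in perms if "://" in p or p == "<all_urls>"]
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    hosts = sorted(h for h in SENSITIVE_HOSTS
                   if any(pattern_covers(p, h) for p in patterns))
    return {"name": manifest.get("name", "?"),
            "sensitive_hosts": hosts,
            "risky_permissions": sorted(RISKY_PERMISSIONS & set(perms))}


def flagged(manifests):
    """Names of extensions to review; access alone is not proof of malice."""
    return [r["name"] for r in map(audit_manifest, manifests)
            if r["sensitive_hosts"]]
```

A flagged extension is one that is able to read or change pages on the protected site, so it is a candidate for review or removal, not a confirmed Trojan.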

How to Prevent Man-in-the-Browser


Man-in-the-browser attacks are difficult to detect. They only happen when you visit legitimate websites, and they are designed to produce responses that look legitimate and normal.

The good news is that these attacks can be prevented.

Use out-of-band authentication

Out-of-band authentication is a type of two-factor authentication that can prevent man-in-the-browser attacks.

Out-of-band authentication uses a secondary channel like SMS to confirm the details of any transaction you make.

For example, if you are making a bank transfer, you first receive an SMS from your bank. The message includes all the transaction details, and the transfer does not continue until you reply with a confirmation.

The idea here is that if your browser is compromised, it’s very unlikely that an attacker will gain access to your SIM card.
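The confirmation flow described above, applied to the 100 million transfer from the earlier walkthrough, as an added example that is not from the original article. The `Bank` class, account names, and the HMAC-derived six-digit code are assumptions made for illustration; the SMS is modeled as a dictionary delivered to the phone rather than to the browser.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # bank-side secret, never sent to the browser


def confirmation_code(txn_id, payee, amount):
    """6-digit code bound to the exact payee and amount the bank received."""
    msg = f"{txn_id}|{payee}|{amount}".encode()
    digest = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


class Bank:
    def __init__(self):
        self.pending, self.executed = {}, []

    def request_transfer(self, payee, amount):
        """Store what the browser submitted; return the SMS sent to the phone."""
        txn_id = secrets.token_hex(4)
        self.pending[txn_id] = (payee, amount)
        return {"txn_id": txn_id, "payee": payee, "amount": amount,
                "code": confirmation_code(txn_id, payee, amount)}

    def confirm(self, txn_id, code):
        """Execute only if the code matches the stored details; one attempt."""
        details = self.pending.pop(txn_id, None)
        if details is None or not hmac.compare_digest(
                code, confirmation_code(txn_id, *details)):
            return False
        self.executed.append(details)
        return True


def simulate(browser_tampered):
    """The user wants to send 100 million to a friend (constructed accounts)."""
    bank, intended = Bank(), ("ACCT-FRIEND", 100_000_000)
    submitted = ("ACCT-ATTACKER", 1_000_000_000) if browser_tampered else intended
    sms = bank.request_transfer(*submitted)  # arrives on the phone, not the browser
    # The user compares the SMS with what they meant to do before replying.
    if (sms["payee"], sms["amount"]) == intended:
        bank.confirm(sms["txn_id"], sms["code"])
    return bank.executed
```

The protection comes from the SMS repeating the payee and amount as the bank received them: a message carrying only a code would be confirmed by the user even when the browser had altered the request.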

Use security software

Any reliable security software makes it almost impossible for a Trojan to be installed on your computer.

Modern anti-virus products are not only designed to prevent such programs from being installed, they also monitor your entire computer for programs that behave like Trojans. This means that if a program bypasses your AV, it will be caught when it starts working with the browser.

Know when your computer is infected with a Trojan

If your computer is infected with a Trojan, it will usually start acting erratically. Here are a few things to watch out for.

  • Your browser is taking you to websites you didn’t ask for.
  • Your browser suddenly shows more ads.
  • Your internet connection is interrupted.
  • Your computer connects to the Internet on its own.
  • Your computer displays a popup message.
  • Your computer is slower than usual.
  • Programs are running that you did not open.
  • Files are moved or deleted without your knowledge.

Avoid malicious websites

Security software is useful, but it should only be used as a last line of defense. What’s more important are the websites you visit and the files you download.

Try to avoid questionable sites like those that offer anything that infringes copyright. Be careful what you download and where you download it.

Email security

Email is a common method for spreading Trojans. Attackers send millions of emails in the hope that only a few will be opened. Emails can deliver Trojans as attachments or through links to malicious websites.

Don’t open emails from unknown senders, and be suspicious of any that ask you to download something or click a link.

Man-in-the-browser attacks are one of the most effective ways to steal information from online users.

The good news is that while they are hard to detect, they are easy to prevent. A man-in-the-browser attack is not possible if you do not have the Trojan installed in advance. And with the right security software and safe browsing habits, this isn’t something you need to worry about.
