Man-in-the-browser (MITB) attack, a form of Internet threat related to man-in-the-middle (MITM) attack. It is a proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages. It modifies transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.
A MITB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or two or three-factor Authentication solutions are in place. A MITB attack may be countered by utilizing out-of-band transaction verification, although SMS verification can be defeated by man-in-the-mobile (MITMO) malware infection on the mobile phone.
Trojans may be detected and removed by antivirus software with a 23% success rate against Zeus in 2009, and still low rates in 2011. The 2011 report concluded that additional measures on top of antivirus were needed. A related, more simple attack is the boy-in-the-browser (BITB) attack. The majority of financial service professionals in a survey considered MITB to be the greatest threat to online banking.
In a nutshell example exchange between user and host, e.g. an Internet banking transaction such as a funds transfer, the customer will always be shown, via confirmation screens, the exact payment information as keyed into the browser. The bank, however, will receive a transaction with materially altered instructions, i.e. a different destination account number and possibly amount. The use of strong authentication tools simply creates an increased level of misplaced confidence on the part of both customer and bank that the transaction is secure. Authentication, by definition, is concerned with the validation of identity credentials. This should not be confused with transaction verification.
Protect against malicious access to the browser:
Organizations need to control all access to browser interfaces (Add-on’s, API and DOM) to prevent data theft and end user social engineering. This ensures sensitive HTML information is not captured and page content is not tampered with. The ability to detect, analyze and block unauthorized attempts to override browser functions can help prevent fraud through compromised endpoints until the threat is fully removed.
Prevent and Remove Malware Infections:
MITB attacks are carried out by malware residing on the end users machine. Organizations need to ensure endpoints are not compromised by malware by disabling exploit code used in drive-by-download infection attempts, and blocking malware downloaders and installers. If a device is already infected, automated malware removal cleans up the endpoints quickly and cheaply.