Man in the Browser (MitB) attacks utilize a trojan horse covertly installed on a computer system that modifies the user's web transactions in real time, intercepting the messages in a public key exchange and replacing the targeted security keys with fake ones.
Unlike a phishing attack, where an unsuspecting user is redirected to a web address other than their intended target, a MitB attack can occur when the user has typed a URL directly into the browser bar. MitB trojans may be detected and removed by antivirus software, and attacks countered using an out-of-band transaction verification technique.
MitB attacks are deployed via user script, a Browser Helper Object (BHO), or an insecure browser extension. The trojan enables its creator to circumvent the security features of the web browser. The trojan then facilitates the interception of calls between the user and the website they are engaging. Specifically the trojan can:
- Alter website columns and fields, or add them
- Alter financial transaction information including account details and purchase details
- Suspend or seize an ongoing transaction in real time
- Alter a website's appearance
- Alter the servers’ responses, such as thank-you pages
- Seize data entered into fields on a website
- Alter the transaction history if the user revisits the website