
Man-in-the-Browser

Question: 
What is a Man-in-the-Browser attack and how can I protect my Internet banking customers from it?
Answer: 

A Man-in-the-Browser attack, also called a "Proxy Trojan", is a sophisticated attack that infects a user's web browser and allows an attacker to:

  • Sidestep SSL encryption (which happens outside the browser), enabling them to inspect any content sent or received by the browser
  • Bypass multi-factor authentication controls (money can be stolen while the user is legitimately logged in)
  • Intercept and/or manipulate transactions or data
  • Hide malicious activity from the user during the session

One way to prevent Man-in-the-Browser attacks is to use out-of-band transaction verification. This means that transactions must be additionally verified through some means other than the user's Internet banking session (e.g. by fax or by phone). Another method of prevention is through the use of special USB devices, such as IronKey, that increase browser session security.
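
A sketch of the server side of out-of-band verification, added here as an illustration and not taken from the original page or any vendor product. The phone message quotes the transfer as the server received it and carries a one-time code bound to those details. The names `OutOfBandVerifier`, `send_oob` and `customer_reads`, the phone number and the account identifiers are all assumptions constructed for the example.

```python
import hashlib
import hmac
import json
import secrets


class OutOfBandVerifier:
    """Server side: hold each transfer until it is confirmed over a second channel."""
    def __init__(self, send_oob):
        self._key = secrets.token_bytes(32)  # demo key, generated per process
        self._pending = {}                   # txn_id -> transfer as the server received it
        self._send_oob = send_oob            # hypothetical phone/SMS gateway callback

    def _code(self, txn_id, txn):
        payload = txn_id.encode() + b"|" + json.dumps(txn, sort_keys=True).encode()
        mac = hmac.new(self._key, payload, hashlib.sha256).digest()
        return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"  # bound to id + details

    def request(self, phone, txn):
        txn_id = secrets.token_hex(8)
        self._pending[txn_id] = dict(txn)
        # Quote what the server received: a payee changed in the browser shows up here.
        code = self._code(txn_id, txn)
        self._send_oob(phone, f"Transfer {txn['amount']} to {txn['payee']}. Code: {code}")
        return txn_id

    def confirm(self, txn_id, txn, code):
        stored = self._pending.pop(txn_id, None)  # single use, even on failure
        if stored is None or stored != txn:
            return False                          # unknown id, replay, or details changed
        return hmac.compare_digest(self._code(txn_id, stored), code)


def customer_reads(message, intended):
    """Customer releases the code only if the message matches what they meant to send."""
    details, _, code = message.partition(" Code: ")
    return code if details == f"Transfer {intended['amount']} to {intended['payee']}." else None


def run_demo():
    outbox = []  # constructed stand-in for the phone channel
    bank = OutOfBandVerifier(lambda phone, msg: outbox.append(msg))
    intended = {"payee": "ACME-UTILITIES-001", "amount": "120.00"}   # constructed values
    tampered = {"payee": "UNKNOWN-ACCT-999", "amount": "9500.00"}    # as altered in the browser
    ok_id = bank.request("+10000000000", intended)
    clean = bank.confirm(ok_id, intended, customer_reads(outbox[-1], intended) or "")
    bad_id = bank.request("+10000000000", tampered)
    released = customer_reads(outbox[-1], intended)  # wrong payee on the phone -> None
    return clean, released, bank.confirm(bad_id, tampered, released or "")
```

The control only works if the second channel repeats the payee and amount and the customer checks them. A bare code with no transaction details would be entered regardless of what the browser submitted.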

First published on 11/14/2011
