Hackers fond of man-in-the-browser (MiTB) attacks have brought efficiency to their work. New strains of MiTB malware have been discovered that are able to parse logs for the sensitive information hackers are targeting, rather than send massive unstructured logs back to the attacker’s command and control server.
Researchers at Trusteer have been watching this development for a couple of months and said this is the first time they’ve seen real-time parsing of stolen data.
“Attackers are able to get that credit card information as fresh as possible, rather than having to wait for a log file,” said Trusteer senior security strategist George Tubin.
Traditional man-in-the-browser malware collects all the data entered onto a pre-specified website, such as a financial services site or online storefront, and periodically sends the attacker massive log files that require post-processing. The attacker would have to either manually scour the logs for personal or payment information, or use a log-parsing tool to do the job. Some attackers, instead, choose to sell these logs in bulk in the underground and let someone else worry about sorting through the data.
This new strain of MiTB attack, dubbed universal man-in-the-browser by Trusteer, collects all of a user’s Web activity and, using pre-defined configurations, looks for particular data strings such as credit card or Social Security numbers. It ships those back to the attacker in real time, eliminating the chance that a user would be alerted to the theft and have their card re-issued.