Protecting against Man‑in‑the‑Browser attacks

Learn more about malicious web injections and how Secure Bank helps detect them

Web Injection

A web injection, as one of the most dangerous types of Man‑in‑the‑Browser (MITB) attacks, is built to intercept data as it passes over a secure communication between a user and an online application.

A Trojan embeds in a user’s browser application and can be programmed to trigger when a user accesses specific online sites, such as an online banking site.

Once activated, a web injection Trojan can intercept and manipulate any information a user submits online in real time, adding JavaScript code, iframes and form fields to the page or showing overlays on top of a page.

Web injects allow attackers to steal credentials and other personally identifiable information when they are inputted on the web page, or to create requests for additional credentials not requested by the bank, such as pin codes, without tripping the bank’s fraud detection mechanisms.

Trickbot Trojan Case

First discovered in 2016, TrickBot is a financial Trojan which targets the customers of major banks.

How Secure Bank helps protect from web injects

Some web injections may be considered inoffensive, for example, those executed by antivirus add-ons or ads plugins.

Using patented fraud detection algorithms, machine learning and Group-IB Threat Intelligence, Secure Bank allows to identify whether the injection is malicious or inoffensive. As soon as the script is confirmed as malicious, it’s added to Secure Bank database and then is processed in real time.

When the system detects any malicious JavaScript code or web injection, system event is triggered, proactively warning the client about fraud preparation or attempted execution.

In addition, CERT-GIB specialists — a Group-IB’s round-the-clock computer security incident response team — are involved in analysis of these events, strengthening Secure Bank automated algorithms.

Secure Bank identifies:

  • New devices that have not been used by the client in the past;
  • The device’s location;
  • A typical fraudulent pattern of the actions performed during the session;
  • Disparities between user behaviour during the session and the user’s usual actions.
Interested in a free trial? Contact us to learn moreRequest a demo

Evaluate your clients’ vulnerabilities and your potential risks – for free. Leave us your contact information to try the solution.

Thank you for the inquiry! We will contact you soon.

Report an incident

24/7 Incident Response Assistance +7 495 984-33-64

Thank you for the inquiry! We will contact you soon.
Cookies

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.