Protecting against Man‑in‑the‑Browser attacks

Learn more about malicious web injections and how Fraud Hunting Platform helps detect them

Web Injection

A web injection, as one of the most dangerous types of Man‑in‑the‑Browser (MITB) attacks, is built to intercept data as it passes over a secure communication between a user and an online application.

A Trojan embeds in a user’s browser application and can be programmed to trigger when a user accesses specific online sites, such as an online banking site.

Once activated, a web injection Trojan can intercept and manipulate any information a user submits online in real time, adding JavaScript code, iframes and form fields to the page or showing overlays on top of a page.

Web injects allow attackers to steal credentials and other personally identifiable information when they are inputted on the web page, or to create requests for additional credentials not requested by the bank, such as pin codes, without tripping the bank’s fraud detection mechanisms.

Trickbot Trojan Case

First discovered in 2016, TrickBot is a financial Trojan which targets the customers of major banks.

How Fraud Hunting Platform helps protect from web injects

Some web injections may be considered inoffensive, for example, those executed by antivirus add-ons or ads plugins.

Using patented fraud detection algorithms, machine learning and Group-IB Threat Intelligence, Fraud Hunting Platform allows to identify whether the injection is malicious or inoffensive. As soon as the script is confirmed as malicious, it’s added to Fraud Hunting Platform database and then is processed in real time.

When the system detects any malicious JavaScript code or web injection, system event is triggered, proactively warning the client about fraud preparation or attempted execution.

In addition, CERT-GIB specialists — a Group-IB’s round-the-clock computer security incident response team — are involved in analysis of these events, strengthening Fraud Hunting Platform automated algorithms.

Fraud Hunting Platform identifies:

  • New devices that have not been used by the client in the past;
  • The device’s location;
  • A typical fraudulent pattern of the actions performed during the session;
  • Disparities between user behaviour during the session and the user’s usual actions.
Interested in a free trial? Contact us to learn moreRequest a demo

Evaluate your clients’ vulnerabilities and your potential risks – for free. Leave us your contact information to try the solution.

Report an incident

24/7 Incident Response Assistance +65 3159-4398

Thank you for the inquiry! We will contact you soon.

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

All you need to know to #StayCyberSafe