Protecting against Man‑in‑the‑Browser attacks
Learn more about malicious web injections and how Fraud Hunting Platform helps detect them
A web injection, one of the most dangerous types of Man‑in‑the‑Browser (MITB) attacks, is built to intercept data as it passes over a secure communication channel between a user and an online application.
A Trojan embeds itself in the user’s browser and can be programmed to trigger when the user accesses specific online sites, such as an online banking site.
Web injects allow attackers to steal credentials and other personally identifiable information as they are entered on the web page, or to create requests for additional credentials not requested by the bank, such as PIN codes, without tripping the bank’s fraud detection mechanisms.
TrickBot Trojan Case
First discovered in 2016, TrickBot is a financial Trojan which targets the customers of major banks.
How Fraud Hunting Platform helps protect from web injects
Some web injections may be considered benign, for example, those executed by antivirus add-ons or ad plugins.
Using patented fraud detection algorithms, machine learning and Group-IB Threat Intelligence, Fraud Hunting Platform identifies whether an injection is malicious or benign. As soon as a script is confirmed as malicious, it is added to the Fraud Hunting Platform database and is then processed in real time.
In addition, specialists from CERT-GIB, Group-IB’s round-the-clock computer security incident response team, are involved in the analysis of these events, strengthening Fraud Hunting Platform’s automated algorithms.
Fraud Hunting Platform identifies:
- New devices that have not been used by the client in the past;
- The device’s location;
- A typical fraudulent pattern of the actions performed during the session;
- Disparities between user behaviour during the session and the user’s usual actions.