Nov 22, 2007

"Man in the Browser" - new technique to steal online bank logon credentials

F-Secure warns about a new way to steal online bank logon credentials: the "Man in the Browser" technique, which steals them from the browser session and sends them to criminal servers.

This technique relies on malware on the computer that activates only when the user uses online banking. The malware can save the username and password from the HTML code in the browser. This information is sent to an FTP site, from which criminals sell it to other criminals.

Online criminals have always looked for ways to steal personal data and bank logon credentials; their techniques have evolved only because security programs have evolved too.

The first method was keyloggers, followed by phishing and pharming.

In phishing, emails disguised to look like they come from the bank are used. When the user opens the link in the message, they land on a fraudulent site that looks like the real online bank site. When they enter their logon credentials, the credentials are stolen.

In pharming, the user is redirected from the real online bank site to a fraudulent one; the forging of the URL takes place at the internet level.

- Phishing is losing its force because banks have strengthened logon security. For the same reason, "Man in the Browser" attacks are growing, says Mikko Hyppönen from F-Secure.

Source: F-Secure
