Trusteer researchers have discovered a new “Universal Man-in-the-Browser” (uMitB) attack that is capable of stealing sensitive data entered into not just a single website, but all websites visited by the end-user in real-time.Unlike traditional Man-in-the-Browser configurations, this new uMitB method “uses ‘generic’ real-time logic on the form submissions” to process the information immediately, allowing cyberthieves to quickly build a database of freshly-stolen information without having to parse the logs and extract the valuable details first.
Such efficiency could come in handy for cybercriminals that operate e-stores selling credit card information since card data stolen in real-time is far more valuable than “stale” information.
Trusteer did not give details as to how they came across this new attack method; however they did share a marketing video promoted by cybercriminals that demonstrates how the uMitB attack works.
As far as keeping data safe from (u)MitB attacks, users are urged to safeguard their machines against malware like ZeuS & SpyEye, both of which use MitB tactics to steal private information like credit card numbers or login credentials.
ZeuS, SpyEye & other MitB malware is often delivered via malicious email attachments, drive-by-downloads, therefore users can protect their PCs by:
- Keeping their operating system and installed software fully patched & up-to-date.
- Always running antivirus software and keeping the virus definitions current.
- Exercising caution when following [shortened] links and checking email – no downloading files from unknown/untrusted sources!
Photo Credit: AJC1
[via Trusteer]
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.
No comments:
Post a Comment