Man-in-the-Browser in Google Chrome: Part 2 – Locating SSL_Write and SSL_Read

This second part of the Chromium Man-in-the-Browser series looks at higher-level wrappers such as SSL_Write and SSL_Read, which attackers target to tamper with secure SSL/TLS communications, respectively, before they get encrypted and after they get decrypted. Targeting those wrappers in favour of the lower-level ones discussed in part 1 has proved to be a successful strategy for malware developers, as the SSL VMT structure can change at any time, making automatic lookup ineffective. The order of the methods contained in it can change, methods can be replaced…


Man-in-the-Browser in Google Chrome: Part 1 – Locating the SSL VMT

The financial services sector has become one of the main targets of cyber-attacks worldwide with the advent of e-banking. One of the most sophisticated and effective methods used to conduct fraud is the man-in-the-browser attack, which infects the web browser and is able to change the content of web pages and tamper with network traffic without the victim noticing, even with security controls such as SSL/TLS in place. To conduct this type of attack, malware authors target specific internal browser functions which are responsible for handling network traffic and redirect the execution…
