Man-in-the-Browser in Google Chrome: Part 1 – Locating the SSL VMT

The financial services sector has become one of the main targets of cyber-attacks worldwide with the advent of e-banking. One of the most sophisticated and effective method used to conduct fraud is the man-in-the-browser attack, which infects the web-browser and is able to change the content of web pages and tamper network traffic without the victim noticing, even with security controls in place such as SSL/TLS. To conduct such type of attacks, malware authors target specific internal browser functions which are responsible of handling network traffic and redirect the execution…

Read More