Malware scammers are streamlining the process they use to steal vital information with a new exploit that works on any website, not just a mocked-up PayPal form. This newly-discovered exploit has been spookily dubbed “Universal Man-in-the-Browser,” or uMitB.
Past scams used plain old Man-in-the-Browser to lift stolen data. Man-in-the-Browser (MitB) extracts data from fake forms that look just like any online purchase page. Cons have to take log files of information gathered by a Man-in-the-Browser scam and sort it for vital information before selling it via black markets online. This need to parse the stolen data worked in the victim’s favor, as it gave anyone who realized they’d fallen for the ploy the time to cancel or close their accounts.
Universal Man-in-the-Browser eliminates the lag time between victim data entry and scammer data use and can pull from any web page. George Tubin, a senior security strategist at security vendor Trusteer, explained uMitB in more detail to CSO Online:
But the uMitB [...] collects the data in real time, Tubin said, making stolen credit card numbers much more valuable on the underground market, since they go “stale” quickly, as victims tend to report the loss or theft within hours or even minutes.
“This utility recognizes when a credit card is being entered and captures it in very usable form,” Tubin said. “It doesn’t matter if it’s a bank or a merchant or any other kind of online site. Rather than having to sniff through all the data, you get it automatically.”
Understanding the ins and outs of online scams can tax the sturdiest attention span, so Trusteer has created a (strangely silent) video illustrating how uMitB works, which you can watch below.
The video demonstrates how uMitB shoots stolen data in a readily usable form to the cyber-thief’s control page almost as soon as it’s been typed–meaning a victim’s credit card could be in the wild and paying for 20 new pairs of yoga pants on Amazon in the time it takes to reboot a laptop.
Follow Steve Huff via RSS.