Malware scammers are streamlining the process they use to steal vital information with a new exploit that works on any website, not just a mocked-up PayPal form. This newly-discovered exploit has been spookily dubbed “Universal Man-in-the-Browser,” or uMitB.
Past scams used plain old Man-in-the-Browser to lift stolen data. Man-in-the-Browser (MitB) extracts data from fake forms that look just like any online purchase page. Cons have to take log files of information gathered by a Man-in-the-Browser scam and sort it for vital information before selling it via black markets online. This need to parse the stolen data worked in the victim’s favor, as it gave anyone who realized they’d fallen for the ploy the time to cancel or close their accounts.
Universal Man-in-the-Browser eliminates the lag time between victim data entry and scammer data use and can pull from any web page. George Tubin, a senior security strategist at security vendor Trusteer, explained uMitB in more detal to CSO Online: Read More