Skip to main content

Kaspersky Lab Has Patented Technology that Detects Man-in-the-Browser Attacks

September 14, 2016

Kaspersky Lab has announced that it has been awarded a new patent from the United States, for a technology that counteracts the tricks of financial cybercriminals. The new technology detects the implementation of HTML code into a page opened by a client’s browser (Man-in-the-Browser attack).

Kaspersky Lab has announced that it has been awarded a new patent from the United States, for a technology that counteracts the tricks of financial cybercriminals. The new technology detects the implementation of HTML code into a page opened by a client’s browser (Man-in-the-Browser attack).

The technology is based on the use of special "scanning" web pages, which are integrated with a specific HTML code, to encourage malware to reveal its functions.

The creators of financial malware often modify HTML code for the websites of banks. When a client tries to open the necessary page, the malicious program detects this activity and modifies the design of various elements of the web pages (firstly, the input field), and then steals the authentication data entered, or changes the account numbers, to redirect where money is transferred.

Kaspersky Lab experts have developed a kind of ‘trap’- a banking page which has the hallmarks of different financial institution sites (the fragments of HTML code specific to the web pages of banks and payment systems). This technology is already widely used in Kaspersky Fraud Prevention Clientless Malware Detection, which was developed to prevent attempts to access customer bank accounts from infected devices. Once such a web page is opened from an infected device, the malicious program utilizing the Man-in-the-Browser technique will recognize it as the bank's website and try to make changes that will be immediately detected by the system.

"Considering the fact that Man-in-the-Browser technology is implemented by many families of banking trojans, our technology can be used in solutions to protect online banking, as an indicator of infection. If an attempt is made to embed HTML code, it’s highly likely that the user device is infected. Having detected such an attempt, the bank can block the transaction in time to protect its customer’s money from theft. We can also help the users affected by fraud to eliminate the consequences of infection with our specialist Kaspersky Fraud Prevention for Endpoints solution”, said Denis Gorchakov, senior fraud analyst at Kaspersky Fraud Prevention.

More details about Kaspersky Fraud Prevention Clientless Malware Detection are available here
Currently, Kaspersky Lab’s portfolio includes 450 patents issued in Russia, the US, the EU and China. In addition to that, over 320 patent applications are currently under consideration by the patent authorities in these countries.
The description of the technology and patent can be found on the USPTO website.

Kaspersky Lab Has Patented Technology that Detects Man-in-the-Browser Attacks

Kaspersky Lab has announced that it has been awarded a new patent from the United States, for a technology that counteracts the tricks of financial cybercriminals. The new technology detects the implementation of HTML code into a page opened by a client’s browser (Man-in-the-Browser attack).
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases