Nowadays web technologies allow users to make a lot of their work online. Cloud services, social networks, online games etc. are gaining more and more popularity and are replaicing desktop applications and offline stuff. Web-browsers also offer special opportunities, that can be increased by the use of different extensions and plugins. This fact made web-browsers an extremely attractive target for cybercriminals and they found new ways of how to implement browser-based attacks, spread malware and get maximum benefits from the infection campaigns.
In the presentation we will cover new implementation and spreading techniques of “Man-in-the-browser” attack. We will highlight some interesting samples, their functions and monetization models, that we have found in the wild.