In spring 2018, a powerful banking Trojan named BackSwap surfaced, targeting online banking users in Poland. While banking Trojans have seen a sharp decline in popularity in recent years because of advances in antimalware and antivirus technology, BackSwap, which eventually extended its reach to Spanish banks, made headlines for its innovative propagation methods and the way it hides. Because it’s so crafty, it was able to elude most protection methods until it had pilfered an undisclosed, but assumed-to-be-tidy, sum from its victims.
BackSwap spreads via spam email campaigns and malicious links on websites. When a user opens an infected link, the malicious payload begins to download. The next time the unfortunate victim opens a browser and heads to their banking website, the malware injects rotten JavaScript in place of the correct URL in the address bar. When the victim attempts to transfer funds, the rogue JavaScript redirects the payment to the attacker’s bank account. This is referred to as a man-in-the-browser (MITB) attack, one that compromises users’ devices via browsers.
Surfing in a Cesspool
We all know that the internet is, at best, a mixed bag – some of the stuff you’ll find is good and some is bad. Some is clean and some is, unsurprisingly, filled with malware. But here is the craziest part – each time you open up a browser, regardless of whether you’re a Chrome fanboy/girl, a Firefox aficionado, or if you prefer some other browser, you’re creating a gateway through which all —ALL— that content can make its way onto your endpoint – i.e., your computer.
Threats like BackSwap are called, most appropriately, web-based, or browser-based, threats. See, there are lots of different threat types and methodologies. Some malware gets passed around via email, and some hides in apps, waiting to be downloaded from app stores, or in links on social media platforms. Still other, more complex zero-day threats target corporate perimeters, looking for weaknesses through which they can infiltrate and steal sensitive company data.
Browser-based threats take advantage of browsers and, by extension, the internet, which as we mentioned above is highly inconsistent and incredibly vulnerable, to carry out attacks. And scarily enough, while browsers are one of the most commonly used pieces of software, they are also the most exposed. Our browsers continuously interact with potentially dangerous code, websites, and applications, and if exposed, they could provide attackers with more than a motherlode of compromising data.
Understanding Browser-based Threats
There are lots of ways that your browser could end up interacting with a malicious entity — man-in-the-browser attacks like BackSwap are just one example. Browsers use a host of third-party plug-ins such as Adobe Flash, Reader and the aforementioned JavaScript for additional functionality. These plug-ins are notoriously buggy and are one of the first things attackers go after when looking to compromise browsers.
There are also drive-by attacks that compromise a vulnerable website’s code. Then, when a visitor with a vulnerable system makes his or her way to the hacked website, they fall prey to the attack. Another highly damaging form of browser-based attack is malvertising, which injects rotten code into ads that run on websites.
Browser-based threats are fast-evolving and, as such, they tend to elude typical security measures, which makes them even more dangerous. With all that’s at stake when you use the internet, it’s easy to see why you need extra security when dealing with browser-based threats.
RAV Online Security Web Security Extension
Thankfully, ReasonLabs has got your back.
We know how murky the waters of the internet can be. That’s why we have developed RAV Online Security, designed to protect you from exploits while browsing the web. It’s simple to install and keeps you secured against web-based threats such as phishing and rogue websites, including websites that are intentionally dangerous, as well as websites that have unwittingly become infected with malware. We’re constantly updating our cache of URLs to ensure that if a good website gets compromised, we know about it and warn you as soon as it occurs.
Keeping safe is as easy as following the shields – a green shield indicates that the site you’re about to navigate to is safe and won’t compromise your privacy. A red shield means that the website you’re about to go to is potentially damaging to your security and privacy. You can still go to it if you choose…but you’ve been warned :).
So it’s true — browsers come with some inherent dangers. But if you’ve got the protection you need, then you can safely use them and the internet — without worrying about all the garbage and muck.