Kaspersky Lab Has Patented Technology that Detects Man-in-the-Browser Attacks

Kaspersky Lab has announced that it has been awarded a new patent from the United States, for a technology that counteracts the tricks of financial cybercriminals. The new technology detects the implementation of HTML code into a page opened by a client’s browser (Man-in-the-Browser attack).

The technology is based on the use of special "scanning" web pages, which are integrated with a specific HTML code, to encourage malware to reveal its functions.

The creators of financial malware often modify HTML code for the websites of banks. When a client tries to open the necessary page, the malicious program detects this activity and modifies the design of various elements of the web pages (firstly, the input field), and then steals the authentication data entered, or changes the account numbers, to redirect where money is transferred.

Kaspersky Lab experts have developed a kind of ‘trap’- a banking page which has the hallmarks of different financial institution sites (the fragments of HTML code specific to the web pages of banks and payment systems). This technology is already widely used in Kaspersky Fraud Prevention Clientless Malware Detection, which was developed to prevent attempts to access customer bank accounts from infected devices. Once such a web page is opened from an infected device, the malicious program utilizing the Man-in-the-Browser technique will recognize it as the bank's website and try to make changes that will be immediately detected by the system.

"Considering the fact that Man-in-the-Browser technology is implemented by many families of banking trojans, our technology can be used in solutions to protect online banking, as an indicator of infection. If an attempt is made to embed HTML code, it’s highly likely that the user device is infected. Having detected such an attempt, the bank can block the transaction in time to protect its customer’s money from theft. We can also help the users affected by fraud to eliminate the consequences of infection with our specialist Kaspersky Fraud Prevention for Endpoints solution”, said Denis Gorchakov, senior fraud analyst at Kaspersky Fraud Prevention.

More details about Kaspersky Fraud Prevention Clientless Malware Detection are available here
Currently, Kaspersky Lab’s portfolio includes 450 patents issued in Russia, the US, the EU and China. In addition to that, over 320 patent applications are currently under consideration by the patent authorities in these countries.
The description of the technology and patent can be found on the USPTO website.