The Boy-in-the-Browser is More than Just Mischievous

“Boy” may not seem like the most intimidating of terms, but when it comes to malware, it should inspire considerable concern. A new type of malware known as ‘Boy-in-the-Browser’ is a rising financial malware threat. Boy-in-the-Browser, or BitB, is a trojan that reroutes its victims’ web traffic through an attacker’s proxy site. It is a simpler version of the malware known as ‘Man-in-the-Browser’–a less mature version, if you will–hence the name.

So, first, what’s Man-in-the-Browser?  Man-in-the-Browser (MitB) is a trojan that infects web browsers and can modify pages and transaction information covertly–all while “sitting” on the victim’s browser.  MitB is primarily used to secretly manipulate online banking transactions, despite the use of authentication methods.


Boy-in-the-Browser is very similar to Man-in-the-Browser except for a few key differences. For example, the BitB trojan redirects traffic to a third-party site controlled by the responsible cybercriminals before it continues on to the original destination. During an online banking transaction, instead of going directly to the bank, the request first passes through the attackers’ third-party server. While the request is at that server, the fraudsters can perform a variety of fraudulent actions, ranging from simply recording private information to actually modifying requests (e.g., transferring bank funds to a different bank account).

From the victim’s perspective, both the address bar and the victim’s browser continue to show the correct website and information.  In reality though, that traffic is sent to the attacker’s proxy site where it’s then modified by the cybercriminals.  Since everything appears to function normally from the victims’ point of view, it’s difficult for them to detect the Boy-in-the-Browser trojan in the first place.
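A defender-side check for the situation described above, as an added example that is not part of the original post. It assumes the redirection is done by pinning the bank's hostname in the local hosts file, a mechanism this post does not specify; the watched domains and the sample hosts content are constructed placeholders.

```python
import ipaddress

# Hostnames to protect: constructed placeholders, replace with your own list.
WATCHED = {"bank.example", "login.bank.example"}

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments and bad lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing and whole-line comments
        if not line:
            continue
        fields = line.split()
        try:
            # Strip an IPv6 zone id (e.g. fe80::1%lo0) before validating.
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue  # first field is not an address, so not a mapping line
        for name in fields[1:]:               # one line may carry several aliases
            yield ip, name.lower().rstrip(".")

def is_watched(name, watched=WATCHED):
    """True if name equals a watched domain or is a subdomain of one."""
    return any(name == w or name.endswith("." + w) for w in watched)

def suspicious_overrides(text, watched=WATCHED):
    """Return (hostname, ip) for every hosts entry that pins a watched name.

    Assumption: a workstation normally has no hosts entry for its bank, so any
    pin bypasses DNS and deserves review, whatever address it points to.
    """
    return [(name, str(ip)) for ip, name in parse_hosts(text)
            if is_watched(name, watched)]

# Constructed sample hosts-file content (documentation address ranges only).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
# 203.0.113.10 bank.example   (commented out, ignored)
203.0.113.10  www.bank.example  LOGIN.bank.example.  # two aliases on one line
192.168.1.20  intranet.corp.example
not-an-ip     bank.example
198.51.100.7  notbank.example
"""

if __name__ == "__main__":
    for name, ip in suspicious_overrides(SAMPLE_HOSTS):
        print(f"review: {name} is pinned to {ip} in the hosts file")
```

To run it against a real machine, pass in the contents of the system hosts file instead of `SAMPLE_HOSTS`.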

BitB, like MitB, is particularly detrimental to victims who access their online banking accounts given that all of their banking information and funds become accessible to criminals, unbeknownst to the victims.


Aside from the obvious, BitB has other qualities that make it particularly threatening.  For one, BitB trojans evolve frequently with new variants popping up all the time.  Consequently, some antivirus programs are unable to detect the newest BitB threats.

Also, compared to MitB attacks, BitB attacks require far fewer resources. The code for a BitB trojan is much simpler than that for MitB. The flip side is that, because BitB attacks are conducted via a third-party server, the attacker-controlled server can be shut down once the BitB has been uncovered as the culprit. MitB attacks, on the other hand, are difficult to combat even once they have been discovered, due to their complex code.

Nevertheless, the convenience of BitBs, coupled with the relative difficulty of uncovering them, makes this malware a formidable foe to say the least–despite its “youth.”


One Response to The Boy-in-the-Browser is More than Just Mischievous

  1. Melody says:

    So, even a bank site with all the security in place is still at risk!?
