Exploit Allows Data To Be Stolen From Browsers In Real Time

I don't get it. There is no address bar in that video, so I do not know where that "hello world" page is, but the report shows 127.0.0.1. If a Trojan is installed locally, hasn't this been possible for, like ever? Isn't this just a smart keylogger that can identify a CC number when it is typed?

I may not keep up with all the exploits and malware, but the rule of thumb is that once you get root/admin access, all data can be compromised. So what does this mean to most of us? Don't we already know that malware is bad?

Just sounds like FUD for the ignorant to me. Maybe another wake up call, but not really different from other capability that already exists. At least not from a user perspective.
 
unless this is about a certain open site can keylog other websites i dont see how this is possible unless your already infected with a trojen.

i know websites are not suppose to be able to keylog the other windows unless it is poorly written browser.
 
Just think how convenient this would be if you had that new Mozilla unified login thing. It could auto load your bookmarks in the background and login to all your accounts and steal even more than just your credit card information. Maybe it could even get access to your email and reset some account passwords by itself too. Nice...
 
so you have to get infected first, right?

i think this would be a great exploit for Macs. Those guys think they're invincible
 
The basic concept isn't anything new and has been going on for years. What they are saying here is that the process of malware sniffing your credit card details and then being collected by someone has been discovered to happen in real time now. Trojans like Zeus and stuff have been doing this for years, faking pages and intercepting credit card and bank details and such but im not sure if it was all in real time.

Presumably with this, a malicious user who could be 'trading' the credit card on IRC or whatever within seconds after the victim enters his number into a site. I'm sure the process could be completely automated too with relative ease.
 
Non story really. From the parent article, it needs an already existing malware platform to run from. So it's just some fancy js attached to an already infected computer doing slightly more advanced key logging duty. Nothing to see here, move along.

Also running an ABE (application boundry enforcer) mitigates this attack, unless of course your malware has already turned it off. Thankfully, tools like noscript mitigate the initial attack and come with an ABE.
 
I find it interesting that you can't see the actual website address. You can't verify that this site is the actual website or one the replicated to a local server. You can replicate the site, load up a MySQL server, capture the data on export to clear txt file.
 
ActiveX page trojan uploads from spoofed pages have been around forever.
This is why I don't use IE.
 
I remembered reading about these as far back as 2007 (if im not mistaken), and yes they start from Trojans, I believe there was also a proof concept for the Mac OSX (if not already a true Trojan out there), and I think there were Trojans that could screw up "all" browsers
 
Assuming that I got infected with a trojan (which is very unlikely given that I typically don't download programs from random sites on the internet but rather use a package manager that has signing and key verification), it still wouldn't be able to intercept data from my browser because I sandbox it with AppArmor.
 
You must log in or register to reply here.
Back
Top