New Man-in-the-Middle attacks leveraging rogue DNS

Venustus

Level 59
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
New MitM attacks impersonate banking sites without triggering alerts
New_MitM_Attack.png


PhishLabs has observed a new wave of "Man-in-the-Middle" (MitM) attacks targeting users of online banking and social media. Customers of more than 70 different financial institutions are being targeted.

In these attacks, hackers use spam to deliver malware that changes DNS settings and installs a rogue Certificate Authority (CA). The DNS changes point to the hacker's clandestine DNS name server so that users are directed to proxy servers instead of legitimate sites. Based on the CA, the user's PC trusts the attacker’s proxy servers and provides no indication that an attack is taking place. The browser displays the proper website name and displays the familiar security icon to indicate a trusted, secure connection.

The hacker's proxy sits between the authorized user and the real website, capturing login credentials and injecting code into the browsing session. This allows the hacker to take total control of the user's account and carry out unauthorized banking transactions as well as other actions.

More
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top