A man-in-the-browser (MITB) attack requires an attacker to inject malicious software, or malware, into the victim's computer or mobile device. Phishing is one method for accomplishing this.
Phishing is the practice of a fraudster sending a person an email or text message that appears to come from a reliable source, such as a bank, as in our example. By opening an attachment or clicking a link in a phishing message, the user risks unintentionally downloading malware onto their device. The malware then silently installs itself in the browser. It captures the data exchanged between the victim and particular targeted websites, such as financial institutions, and sends it to the attacker.
Such attacks are frequently conducted to obtain financial information by intercepting a user's traffic to a banking website. Users subjected to such an attack are rarely aware of it, and neither are the online applications they are using. One piece of malware with MITB capabilities is the Zeus Trojan.
