# Financial malware ('man-in-the-browser')

## Fitzcarraldo

I have just watched a report on the BBC TV technology programme Click. They discussed 'financial malware', more specifically 'man-in-the-browser malware' that could run on your PC while you're banking on-line. The malware mimics the bank's Web site but adds additional fields for you to fill in, and it interacts with you and your bank. You think you are communicating directly with your bank, and your bank thinks it is communicating directly with you; in fact you are both communicating with the malware (hence the term 'man in the browser'). Apparently the most famous man-in-the-browser malware is named 'Zeus', and the criminals change it frequently in order to avoid detection by banks and by anti-virus programmes. Apparently it is even capable of infecting a mobile phone if the bank normally requires the customer to use a mobile phone to confirm transactions. And, if I understood the report correctly, it may be able to trick you even if you have to use one of those small, individual chip-and-PIN keypads that some banks send to customers of Internet banking.

You can read part of the report on the Click Web site:

http://www.bbc.co.uk/news/technology-16812064

http://news.bbc.co.uk/2/hi/programmes/click_online/default.stm

Click can be viewed on-line using BBC iPlayer by UK viewers, and it would be worth watching the episode as they show examples on PC monitors of man-in-the-browser malware in operation, along with the results of their tests of anti-virus packages on man-in-the-browser software running in Windows. Not surprisingly, many of the Windows anti-virus packages didn't detect it.

And now to the purpose of my post: I'm not sure if this threat is specific to Windows and want to ask those of you who are security experts whether or not I should be concerned as a Linux user? The programme showed a spider diagram of the Zeus source code, and I noticed it mentioned 'php'. So my question is this: can man-in-the-browser malware run in Linux (and MacOS and Android, come to that)? Furthermore, is there actually any man-in-the-browser malware already out there now that runs in Linux?

----------

## gerard27

I have used one of these chip and PIN gadgets on Gentoo Linux for years.

So does my wife on her lappy (also Gentoo Linux).

We never noticed anything.

All the withdrawals are legit.

I have nothing in the form of a firewall or anything else for protection.

I don't have ssh or a server running.

In my view Linux is simply intrinsically safe unless you run a server or ssh.

Gerard.

----------

## Hu

Yes, a man-in-the-browser malware could run on Linux, just the way you can run any Windows program on Linux if you have enough supporting libraries or if you can find someone to write an equivalent functionality program using Linux APIs.  In some cases, you can even get a portable program to do this.  For example, a malicious Firefox extension or Greasemonkey user script could do most of what you describe.

----------
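The behaviour discussed in this thread, a banking page that gains extra input fields inside the browser, can be checked for by comparing the form as the server sent it with the form as the browser renders it. This is an added example, not part of any post above and not any bank's code; the markup, field names and function names are constructed for illustration.

```javascript
// Added example: constructed sample markup, hypothetical names throughout.
// Collect every form control (input/select/textarea) as "name:type".
function formControls(html) {
  const controls = new Set();
  const tagRe = /<(input|select|textarea)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = {};
    // Handles double-quoted, single-quoted and unquoted attribute values.
    const attrRe = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
    let a;
    while ((a = attrRe.exec(m[2])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4];
    }
    const type = tag === "input" ? (attrs.type || "text").toLowerCase() : tag;
    controls.add(`${attrs.name || attrs.id || "(unnamed)"}:${type}`);
  }
  return controls;
}

// Controls present in the rendered page but absent from what the server sent.
function injectedFields(servedHtml, renderedHtml) {
  const served = formControls(servedHtml);
  return [...formControls(renderedHtml)].filter((c) => !served.has(c)).sort();
}

// Constructed sample: the login form as the bank served it...
const SERVED = `
<form action="/login" method="post">
  <input type="text" name="customer_id">
  <input type="password" name="passcode">
  <input type="submit" name="go" value="Log in">
</form>`;

// ...and the same form as rendered in a tampered browser, with extra fields.
const RENDERED = `
<form action="/login" method="post">
  <input type="text" name="customer_id">
  <input type="password" name="passcode">
  <input type='password' name='card_pin'>
  <select name="security_question"><option>Mother's maiden name</option></select>
  <input type="submit" name="go" value="Log in">
</form>`;

console.log(injectedFields(SERVED, RENDERED));
```

A check that runs in the same browser is exposed to the same tampering as the page it inspects, so it raises the cost of field injection rather than ruling it out.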

