There is a large amount of software at present that can be used to perform various online transactions. Many transactions are performed via online banking, using standard browsers, and individual banking clients are also used, being especially popular on mobile platforms. When using a browser to perform a transaction, the user generally goes to the bank site and performs an authentication (which is sometimes a two-factor type, for example, with the aid of SMS or a token), after which he/she is able to perform operations with his/her own funds.
With the growth of online payments, hackers have become interested in this service segment, and they are actively looking for ways to intercept transaction data for the unlawful transfer of funds. The theft of transaction data generally takes place by using malicious programs which get onto the computers of users (infecting the computers). Such programs most often get onto infected computers through popular Internet browsers and intercept data being entered from input devices (such as a keyboard or mouse), or they intercept data being sent to the network. For example, malicious programs infecting browsers gain access to the browser files and look at the history of visits and the passwords saved when visiting web pages. Data entry interceptors (or keyloggers) intercept the entry of data from a keyboard or mouse, take pictures of screens (or screenshots) and conceal their presence in the system by means of various rootkit technologies. Such technologies are also used by interceptors of network packets (or traffic sniffers), which intercept network packets being transmitted, extracting valuable information from them, such as passwords and other personal data. Most often, the infection occurs by utilizing vulnerabilities in software which make it possible to use various exploits to penetrate the computer system.
The existing antivirus technologies such as the use of signature or heuristic checks, methods of proactive protection or the use of lists of trusted applications (or whitelists), although able to detect many malicious programs on the computers of users, are not always able to determine their new modifications, which are appearing more frequently day by day. Thus, solutions are needed which can secure the procedure of performing online payments by users.
However, no methods have been described at present that could detect unknown malicious programs that affect transactions (such as those carrying out a Man-in-the-Browser attack). Even if it would be possible on the bank side to reject a transaction from a client because it includes suspicious circumstances, on the client side the malicious program can still continue working for a long time, until an antivirus program is installed, the antivirus databases are updated, or the user performs a reinstallation of the operating system or a rollback.