Launching today is Jscrambler's Webpage Integrity module, an anti-fraud solution designed to protect webpages. It identifies fraud by detecting malicious tampering and client-side injections to webpages. Jscrambler is able to identify any kind of client-side injection (MITB, Malicious Extensions, Client-side XSS, Malicious/Compromised third-party code, etc.), be it a known injection or a completely new one (0-day attacks).
Man-in-the-Browser attacks, for instance, are one such example where attackers successfully target the device by first deploying Trojans and by then being able to fully tamper with the application. The number of Trojans has been increasing, spreading mostly through phishing campaigns. Eko and Smartbrowse are recent examples of MITB attacks that made the headlines. Eko, discovered on Facebook Russia in early 2015, spread malware via Facebook direct messages and scam video postings. Victims were sent links to phishing websites replicating Facebook and YouTube, which then prompted users to install video player extensions containing malicious code.
Using Jscrambler’s new module, it is possible to remove injections on the spot in real-time and report back in near real-time to the backend of the application, allowing it to react to the threat. Any organization with an important online presence or dealing with sensitive online assets should assume the end-user cannot be trusted. With Jscrambler in action, they can get precise information on what code was injected and where, giving them an unprecedented visibility on what's happening on the client-side and is an accurate tool to prevent a class of attacks that is growing in frequency and complexity, with serious financial consequences and impacting the reputation of companies and governments.
Other solutions to this problem have been proposed before but, in contrast to other technologies, Jscrambler’s Webpage Integrity module emerged as a solution that does not look for malware signatures. It looks for changes made to the untampered page and, by doing so, it is able to detect 0-day threats. The majority of the solutions available in the market fail because they can be easily tricked or removed from the path of the attacker. Jscrambler’s Webpage Integrity module is protected by Jscrambler’s code protection technology, trusted by more than 30,000 companies and individuals, including Fortune 500 businesses. This protection technology is unfeasible to trick and difficult to circumvent. Finally, it is completely plug and play, not requiring the installation of anything locally on the client device. It is completely transparent to the client device and supports all browsers and platforms.
“Having listened to the feedback from many of our customers and continuing our mission to protect the client-side, we felt that this was the right time to upgrade our solution in order to offer a unique proposition to the market”, said Rui Ribeiro, CEO of Jscrambler.
Jscrambler’s new Webpage Integrity module may be the solution to finally ensure that web applications will look and behave as intended on all browsers and devices and that users can run it safely - even in hostile environments as a compromised computer.