A man-in-the-browser (MitB) attack is a type of cyberattack where malware secretly infects a user’s web browser and intercepts or alters communications between the user and a trusted website—often without either party knowing.
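Hackers use this method to steal sensitive data such as login credentials and banking details, or to manipulate online transactions in real time. Because the malware operates inside the browser, it can bypass security measures like HTTPS encryption or two-factor authentication: it reads and changes page content before that content is encrypted for transport, and it acts inside a session the user has already authenticated.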
These attacks usually start when a user unknowingly installs the malware via a malicious download, email attachment, or compromised website.
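The point above about two-factor authentication, seen from the server side, as an added example that is not part of the original page: a code that only proves the user is present still verifies when the request fields differ from what the user approved, while a code computed over the payee and amount on a separate device does not. The key, field names, and function names are assumptions made for this sketch, and counter handling is simplified.

```python
import hashlib
import hmac
import json

# Constructed demo key shared by the server and the user's separate device.
DEVICE_KEY = b"constructed-demo-key"


def _code(*fields) -> str:
    """Short HMAC-SHA256 code over an unambiguous JSON encoding of the fields."""
    msg = json.dumps(fields, separators=(",", ":")).encode()
    return hmac.new(DEVICE_KEY, msg, hashlib.sha256).hexdigest()[:8]


def session_code(counter: int) -> str:
    """Login-style second factor: proves the user is present, nothing more."""
    return _code("login", counter)


def transaction_code(counter: int, payee: str, amount_cents: int) -> str:
    """Code the separate device computes over the details it displays."""
    return _code("txn", counter, payee, amount_cents)


def accepts_session_code(request: dict, counter: int) -> bool:
    # The server checks the code only; the request fields are not covered.
    return hmac.compare_digest(request["code"], session_code(counter))


def accepts_transaction_code(request: dict, counter: int) -> bool:
    # The server recomputes the code over the fields it actually received.
    expected = transaction_code(counter, request["payee"], request["amount_cents"])
    return hmac.compare_digest(request["code"], expected)


def demo() -> dict:
    counter = 7
    intended = {"payee": "ACME-UTILITY", "amount_cents": 12000}    # what the user approved
    received = {"payee": "OTHER-ACCOUNT", "amount_cents": 950000}  # constructed altered request
    otp = session_code(counter)
    signed = transaction_code(counter, **intended)
    return {
        "session_code_on_altered": accepts_session_code({**received, "code": otp}, counter),
        "txn_code_on_altered": accepts_transaction_code({**received, "code": signed}, counter),
        "txn_code_on_intended": accepts_transaction_code({**intended, "code": signed}, counter),
    }


if __name__ == "__main__":
    print(demo())
```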