Working in collaboration with a major German bank, Cambridge based company Cronto has developed a system to combat the threat posed by “Man-in-the-Browser” Trojan malware.

Trojan attacks of this type can cause customers to lose millions: in 2012, a single Trojan attack known as “Eurograbber” was discovered to have illicitly transferred over €36 million from unsuspecting banking customers. “Man-in-the-Browser attacks in combination with social engineering techniques are the most present and active threat to online banking,” says Dr Elena Punskaya, Affiliated University Lecturer in the Department of Engineering and Co-founder and Chief Technology Officer at Cambridge-based company Cronto. “A combination of the malware and social engineering allows fraudsters to build a plausible story in order to initiate and hide the fraudulent payments.”

Dr Steven Murdoch, a member of the Security Group at the University Computer Laboratory and Cronto’s Chief Security Architect, designed and developed a new transaction signing solution able to withstand both attacks from criminals and the reality of industry.

Working together with banks, in particular Germany’s Commerzbank, Dr Murdoch and the Cronto team implemented a state-of-the-art security protocol that has been adopted by leading banks in Germany and Switzerland, having successfully passed their internal and external security evaluations