A type of attack when a malicious program gains control over traffic between a user’s computer and the webserver of a website and changes the website’s contents. The malware integrates into the victim’s operating system and installs the browser extension. As the victim starts the browser and uploads the page, the extension checks if its address matches the value on the fraudster’s list of target websites (they are mostly the websites that are anyhow connected with financial transactions). If the uploaded page matches the value on the list, the extension intercepts or changes the data that the user has entered into the web-forms on the site and that were sent to the server. That allows the fraudster to intercept passwords or change the transaction data.