In the past, MitB worked by sending your transaction data — typically by creating a phoney second transaction — in a raw dump to whoever was operating it, where it had to be parsed for the actual details before being sold. Now, the new Universal Man in the Browser does that work for the hacker, automatically processing the data and spitting it out on an organised webpage.
Why is this more dangerous? Because in the past, if you realised you’d just stuck your information you shouldn’t have, or noticed a strange transaction, you had time to shut down the card before it was used. Now, it can be used immediately.
The best bet to avoid uMitB is to just abide by general safe practices. Watch what you click, don’t download suspicious or unsecured files. But the level of sophistication of these programs is at a point where simple best practices aren’t really cutting it anymore. So just do your best, and find a good malware protection service. [CSOOnline via Betabeat]