US 11,947,692 B1
Systems and methods for dynamic formjacking protection
Iskander Sanchez Rola, Antibes (FR); David Luz Silva, Dublin (IE); and Bahaa Naamneh, Oslo (NO)
Assigned to GEN DIGITAL INC., Tempe, AZ (US)
Filed by GEN DIGITAL INC., Tempe, AZ (US)
Filed on Dec. 16, 2021, as Appl. No. 17/644,684.
Int. Cl. G06F 7/04 (2006.01); G06F 21/60 (2013.01); G06F 21/62 (2013.01); G06F 21/64 (2013.01)
CPC G06F 21/6209 (2013.01) [G06F 21/606 (2013.01); G06F 21/6245 (2013.01); G06F 21/64 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method for dynamic formjacking protection, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
identifying a sensitive data input field element on a webform loaded in a browser;
creating a secure isolated container overlaid on the identified sensitive data input field element;
collecting, via the secure isolated container, real input data intended for the sensitive data input field element;
inserting dummy data into the sensitive data input field element in response to collecting the real input data;
intercepting a form submit request from the webform to a destination, wherein the form submit request is prevented by the secure isolated container from including the real input data;
determining whether the destination is a trusted destination;
when the destination is determined to be the trusted destination, modifying the form submit request to allow the real input data to be sent to the trusted destination; and
sending the form submit request to the destination.