A technique for controlling a compromised system’s browser, widely used in Brazilian banking schemes, will likely become more widespread worldwide in the next few years, say security experts. The technique abuses proxy auto-configuration (PAC), a legitimate mechanism for controlling where a browser sends its requests, to take over a victim’s browser and send traffic (say, requests to a bank) to an attacker-controlled server instead. The attackers still have to find a way to execute code on a victim’s system, but once that is done, they can set a proxy for the browser, capture selected traffic, and re-route it invisibly.
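For defenders triaging a suspect PAC file, the following Node.js audit (an added example, not from the article) asks the script where it would send each URL on a watch list and reports any that go to a proxy you have not approved. The helper implementations, the sample PAC text, the hostnames and the 192.0.2.10 address are constructed for illustration.

```javascript
// Added example: audit a PAC script by asking it where it would send each
// watched URL. Evaluating the script executes it, so run this only in a
// disposable analysis environment.

// Minimal versions of the standard PAC helper functions the script may call.
const pacHelpers = {
  shExpMatch: (s, glob) => new RegExp('^' + glob
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.') + '$').test(s),
  dnsDomainIs: (host, domain) => host.endsWith(domain),
  isPlainHostName: (host) => !host.includes('.'),
};

// Returns one finding per watched URL that the PAC script sends to a proxy
// outside approvedProxies. "DIRECT" is always accepted.
function auditPac(pacText, watchedUrls, approvedProxies = []) {
  const names = Object.keys(pacHelpers);
  const findProxy = new Function(...names,
    pacText + '\nreturn FindProxyForURL;')(...names.map((n) => pacHelpers[n]));
  const findings = [];
  for (const url of watchedUrls) {
    const host = new URL(url).hostname;
    const result = String(findProxy(url, host));
    // A PAC result is a ";"-separated fallback list, e.g. "PROXY a:1; DIRECT".
    const unapproved = result.split(';').map((e) => e.trim())
      .filter((e) => e && e !== 'DIRECT')
      .map((e) => e.split(/\s+/)[1])
      .filter((p) => !approvedProxies.includes(p));
    if (unapproved.length) findings.push({ url, host, result, unapproved });
  }
  return findings;
}

// Constructed sample: a PAC file that proxies only one banking host.
const samplePac = `
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "*.bank.example")) return "PROXY 192.0.2.10:8080";
  return "DIRECT";
}`;

// Constructed watch list; in practice, the hostnames your users bank with.
const watched = ['https://www.bank.example/login', 'https://news.example/'];
console.log(auditPac(samplePac, watched));
```

Because the selective rule only fires for chosen hosts, testing a PAC file against generic URLs will show nothing unusual; the watch list has to contain the sensitive hostnames themselves.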