Virus attack on HSBC Transactions with OTP Device

Yash K.S., chief technology officer at Red Force Labs, released a proof of concept (POC) video to show how a cleverly designed virus can be used in a Man-in-the-Browser (MitB) attack that targets HSBC Bank transactions.

This video shows how a virus can take control of your internet explorer and manipulate HSBC Bank transactions in real-time. The user logs into HSBC online bank with the help of One time Password (OTP) (Hardware Device is provided to each user by HSBC Bank) and performs an online transactions. The user is unaware that a virus is running in the background. In spite of the dual authentication, the virus is able to manipulate the transaction in real-time without the user’s knowledge and redirects the fund to the attacker’s account.

In the demo, the computer is a Windows 7, Internet Explorer and Kaspersky anti-virus with latest patches. The same virus can be extended to other browsers.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: