Virus attack on ICICI Bank Transactions

Disclaimer: The author takes no responsibility for any actions taken with the information provided.

Latest Update:

  • 23-June-2012: Banks have succeeded in removing my account from Vimeo; Vimeo has deleted my account without informing me. You can watch the video from page.
  • “Expert Group on E-Banking Security” has given a live demo to the RBI (Reserve Bank of India).
  • “Expert Group on E-Banking Security” has given a recorded demo and discussion DVD to the CERT-IN Head personally.
  • 16/02/2012: Dropbox has blocked my public link for video file downloads, saying “I am hosting viruses in Dropbox”, but I have kept only videos of banks there and given the link on my website for download.
  • 18/01/2012: ICICI Bank has sent a courier to me, threatening legal action (a defamation case from Corporate Communication) if I don’t remove my videos and related content from my website, Facebook and Vimeo soon. They have claimed that these videos are false. They have asked me to close my ICICI Bank account within 30 days of this notice.
  • 21/12/2011: ICICI Bank has sent a mail asking me to remove the videos and related content from my website, threatening legal action from Corporate Communication.

I have developed a proof-of-concept virus to attack ICICI online banking using the Man-in-the-Middle / Man-in-the-Browser attack method. I am releasing a video (of only 8 minutes) to show what an attack can do to an online banking customer who uses the ICICI online banking facility and how it can result in financial loss. I am not releasing the source code or the binaries of the virus, to prevent any kind of misuse by black hat hackers.

This video shows how a virus can control your Internet Explorer and manipulate ICICI Bank transactions in real time. The user is unaware that a virus is running. He logs into ICICI online banking and performs an online transaction; the virus modifies the destination payee information in real time and redirects the funds to an attacker's account without the user's knowledge. The same virus can be extended to any browser.

High level description of the Video:

User account name: Yash K.S (ICICI Bank)

Destination account name: Praveen Kumar (HDFC Bank)

Attacker account name: Yash K.S (Citibank)

The user logs in as Yash K.S (ICICI Bank) and selects Praveen Kumar as the payee (destination account) for transferring the funds. The user keys in Rs.18 and completes the transaction. Thereafter, the user checks the ICICI Bank mini-statement and sees that Rs.750 has been transferred instead of Rs.18 and that, instead of transferring it to Praveen Kumar, the virus has transferred the amount to the Yash K.S (Citibank) account in real time. The video also shows the attacker’s account, i.e. the Yash K.S (Citibank) account, where the money has been transferred, confirming that the virus has been successful in diverting transactions.

The user is running Windows 7, Internet Explorer and Kaspersky Anti-Virus with the latest patches.
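The substitution described above succeeds because the bank acts on whatever the browser submits. The sketch below is an added example, not the author's code or any bank's implementation: it shows the standard countermeasure of binding a confirmation code to the payee and amount on a separate device. The key, nonce, field names and function names are all constructed for illustration, and it assumes the transfer details reach the device over a channel the infected browser does not control.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment would hold a per-customer key in a
# hardware token or phone app that the browser cannot read.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical(payee_name: str, payee_bank: str, amount_paise: int, nonce: str) -> bytes:
    """Serialise the fields a man-in-the-browser would try to change."""
    fields = (payee_name, payee_bank, str(amount_paise), nonce)
    # Length-prefix every field so two different transfers never serialise alike.
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)


def device_code(key, payee_name, payee_bank, amount_paise, nonce) -> str:
    """Code computed on the separate device from the details the user reads there."""
    mac = hmac.new(key, canonical(payee_name, payee_bank, amount_paise, nonce), hashlib.sha256)
    return f"{int.from_bytes(mac.digest()[:4], 'big') % 10**8:08d}"


def bank_accepts(key, request: dict, nonce: str, code: str) -> bool:
    """Bank recomputes the code over the request it actually received."""
    expected = device_code(key, request["payee_name"], request["payee_bank"],
                           request["amount_paise"], nonce)
    return hmac.compare_digest(expected, code)


# What the user intended and confirmed on the device (values from the video description).
intended = {"payee_name": "Praveen Kumar", "payee_bank": "HDFC Bank", "amount_paise": 1800}
# What reached the bank after the in-browser modification described above.
received = {"payee_name": "Yash K.S", "payee_bank": "Citibank", "amount_paise": 75000}

NONCE = "constructed-nonce-0001"  # issued by the bank per transfer, constructed here
CODE = device_code(DEVICE_KEY, intended["payee_name"], intended["payee_bank"],
                   intended["amount_paise"], NONCE)

if __name__ == "__main__":
    print("untampered request accepted:", bank_accepts(DEVICE_KEY, intended, NONCE, CODE))
    print("modified request accepted:  ", bank_accepts(DEVICE_KEY, received, NONCE, CODE))
```

The check only helps if the user reads the payee and amount on the device itself before approving; a code bound to nothing but the login session would pass for the modified transfer as well.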

Download mirrors:

1. Man in Browser attack on ICICI Bank video : Mirror-1

2. Man in Browser attack on ICICI Bank video : Mirror-2