Red Force Labs CTO Yash K.S. has published a proof of concept video to demonstrate how a virus could be leveraged for a man-in-the-browser attack that manipulates HSBC Bank transactions in real time.

"In the clip, the expert shows how an unsuspecting user logs in to his HSBC online banking account using an account password and a one-time password provided by the OTP device," writes Softpedia's Eduard Kovacs. "While the user enters the details of the destination account and the amount of money he wishes to transfer, the cybercriminal that controls the virus works in the background and alters the transaction’s details to his own liking."

"The victim confirms the transaction, again with the OTP device, and completes it, but when he checks to see if the money arrived to its destination, he finds that not only the amount transferred is considerably higher, but also that the destination is a Citibank account, other than the one he chose," Kovacs writes.

Go to "Expert: Bank Transactions Can Be Manipulated Even If OTP Devices Are Used" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.