Malware Found on HDFC Bank live Netbanking Site (Security Threat on HDFC Netbanking site) - Bug Reaper


Thursday 2 October 2014

Malware Found on HDFC Bank live Netbanking Site (Security Threat on HDFC Netbanking site)

About HDFC

HDFC Bank was incorporated in August 1994 and currently has a nationwide network of 3,488 branches and 11,426 ATMs in 2,231 Indian towns and cities.



It is one of the most reputed and widely used banks. I too hold two accounts with HDFC Bank.


Story

One day I was just sitting at my PC (rather, I should call it my Big Machine \m/), which I generally use for testing applications in my leisure time.
It contains most of the widely used software for security testing, antivirus and network sniffing tools, antimalware, and automation tools.


Just like a normal day's routine, I wanted to check my HDFC account using the HDFC netbanking site.

As is my normal practice, I searched Google for HDFC Bank, typing 'HDFC' as my search keyword.

Below is a snapshot of the link that appears as the top result when searching for HDFC in Google search.










I clicked on the first link, i.e.
https://netbanking.hdfcbank.com/

This is the netbanking site of HDFC, which is used by thousands of users regularly to make millions of transactions on a daily basis.

I logged into my account and, after logging in, I just clicked to check my account balance.

Guess what happened :-o :-/

My latest Avast Antivirus fired an alert with an alarming sound, making me aware that this site is infected by MALWARE :-o



Following up on the details of this malware, I reached the exact source location from which this malware gets triggered.




I was like :(

Now this sh*t is unacceptable

What the heck
Live netbanking website of HDFC is ''MALWARE infected.....!!!!!!!!'' 


The latest Avast Antivirus alerts every time a user logs in to an HDFC Netbanking account using the mentioned link from Google, which appears at the top of the search results in Google.


What is Malware?

Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of executable code, scripts, active content, and other software.



Risk:
HDFC is one of the leading banks in India.
If this site is infected, it can cause losses to thousands of users and thus a business loss of millions to the bank.

It can cause financial loss to citizens of India as well as to citizens all over the world using HDFC Netbanking.




The best part is I tried to contact HDFC Bank, but there was no reply for the first week.
Then I received a call from HDFC support asking about the threat.

I asked them whether there are any payouts they make as a reward for reporting such kinds of holes and malicious activities, like most companies do.

They replied negatively, saying there is no such kind of program. (As expected, security is not taken seriously until there is a big loss to companies :D)

I told them that if there is no such program then please introduce one, so that guys like us who like playing with applications can easily contact them and raise concerns and bugs, so that both ways the customer, the security researcher, as well as the bank can benefit.

He said, "I completely agree with your points; we can see Gmail accounts getting hacked, passwords getting cracked, no one is secure on open networks...." ^__^



Being a citizen, I considered it my moral duty to report such incidents, and every citizen can benefit in his own master area.

But like the Joker said: If you're good at something, never do it for free :D

So it would be better if all the big IT giants, banks, and e-commerce sites considered such situations and made provisions by which they can benefit from end users in improving user experience.
