LEXSI Revealed Publicly the Existence of Banking Trojan ‘Win32/Qadars’

In October 2013, researchers from the IT security firm LEXSI publicly disclosed details of a new banking Trojan nicknamed 'Win32/Qadars', as published by softpedia.com on December 18, 2013.

While LEXSI highlighted the malware's existence in October 2013, ESET claims that it saw signs of this Trojan in May 2013. In fact, according to ESET's findings, the Trojan is still very active and its authors update it continuously.

Interestingly, Win32/Qadars commits financial fraud through web injection, a technique that has long been available in various families of banking Trojans and is still effective.

Win32/Qadars employs a wide range of web injects, together with Android mobile components that bypass online banking security, to gain access to users' bank accounts. Normally, banking Trojans either target a broad array of financial institutions or focus on a much smaller subset, generally institutions with a geographically restricted user base. Win32/Qadars falls into the second category: it targets users in specific regions and uses web inject configuration files customized to the banks most frequently used by the victims.

Win32/Qadars uses a Man-in-the-Browser (MitB) scheme to perform financial fraud. Similar to Zbot, Qadars injects itself into browser processes to hook selected APIs, and with these hooks it is able to insert content into web pages visited by the user.

Pressreleasepoint.com published a statement on 18th December, 2013 quoting a comment on the Trojan by Jean-Ian Boutin, a researcher with ESET in Montreal, Canada, who said that this content could be anything, but it is generally a form intended to harvest user credentials or JavaScript designed to attempt automatic money transfers without the knowledge or permission of the user. The Qadars web inject configuration file is revised frequently and targets specific institutions. The malware writers try to infect users in particular regions of the world to achieve maximum success with these web injects.

Furthermore, according to ESET, since May 2013 Qadars infections have been spotted in a total of six countries: the Netherlands, France, Canada, India, Australia and Italy. While all of these countries have been struck, only Internet users in the Netherlands were attacked throughout the entire six-month period monitored by ESET.

» SPAMfighter News - 27-12-2013
