LEXSI Revealed Publicly the Existence of Banking Trojan ‘Win32/Qadars’
In October 2013, researchers from IT security firm LEXSI publicly disclosed the details of a new banking Trojan nicknamed 'Win32/Qadars', as published by softpedia.com on December 18, 2013.
While LEXSI highlighted the malware's existence in October 2013, ESET claims that it saw signs of this Trojan in May 2013. In fact, according to ESET's findings, the Trojan is still very active and its authors update it on a continuous basis.
Interestingly, Win32/Qadars commits financial fraud through web injection, a technique that has long been available in different families of financial Trojans and is still effective.
Win32/Qadars employs a wide range of web injects, with Android mobile components that bypass online banking security, to gain access to users' bank accounts. Normally, banking Trojans either target a broad array of financial institutions or focus on a much smaller subset, generally institutions with a geographically limited user base. Win32/Qadars falls into the second category: it targets users in specific regions and uses web inject configuration files customized to the banks most frequently used by the victims.
Win32/Qadars uses a Man-in-the-Browser (MitB) scheme to perform financial fraud. Similar to Zbot, Qadars injects itself into browser processes to hook selected APIs, which allows it to insert content into web pages visited by the user.
Furthermore, according to ESET, since May 2013 Qadars infections have been spotted in a total of six nations: the Netherlands, France, Canada, India, Australia and Italy. While all these countries have been hit, only Internet users in the Netherlands were attacked throughout the entire six-month period monitored by ESET.
» SPAMfighter News - 27-12-2013