Qadars Trojan Gears Up to Attack Banks of UK

As per IBM X-Force Research, updation of Qadars Trojan was done for improving its defences, and it has been tailored for targeting 18 banks of UK. Infection campaigns that are launched in the early part of this month, has mainly targeted banks in Germany, US, and Netherlands; however researchers recently have found facts proving that banks in UK have also been added in that list.

As per the belief of security researchers, Qadars active from 2013 is probably brainchild of "Russian-speaking black hat", and is also considered as an "advance online banking Trojan" most probably originating from "single source".

Cyber criminals have started focusing on UK again with renewed action, after a time when Brazil, US and Germany are getting targeted by the malware.

X-Force Research reveals that even though most of the targets of Qadars were banks, malware's configurations during recent month's shows that online sports betting users, social networking credentials, payment & card services, and e-commerce platforms is also targeted by it. Computerweekly.com posted on September 21st, 2016, that researchers believe experienced groups of cybercrime is supporting Qadars because malware tactics of advanced banking from the very beginning has been used by the malware.

The malware further uses the social engineering to try gaining complete access of the victim's systems and then steal his/her data, including data safeguarded by the two-factor authentication systems normally used by the majority of banks. Moreover, the Trojan can also comprehensively monitor the injected devices as well as hijack text messages from the victims' phones.

As per the researchers, Rig Exploit Kit through EiTest campaign is used by Qadars for infecting users, which facilitate its infiltration with the downloader malware. Researchers added that Qadars latest version is advanced online banking Trojan coming from single source. Fraud tactics of Qadars are enabled with the help of techniques like cookie & certificate fraud, code injection, form grabbing and ATS.

Qadars can do in-session fraud by remote-controlling infected endpoint through virtual network computing, and executing a real time fake transaction when user is already logged on.

Activities of Qadars are fairly limited as well as modest, compared to the other flourishing banking Trojans like GozNym or Dridex. However, researchers consider this as a deliberate trick of malware's developers in trying to avoid detection.

» SPAMfighter News - 9/27/2016