The ESET Canada malware research lab has recently analyzed a very active banking Trojan dubbed Qadars, which mainly targets users in the Netherlands (75% of detected infections); other targets include France, Italy, Canada, India and Australia.
Qadars uses a wide variety of webinjects, some with Android mobile components that are capable of bypassing the two-factor authentication systems of online banking to gain access to users’ bank accounts.
The Trojan pinpoints users in specific regions and uses webinject configuration files tailored to the banks most commonly used by the victims, which makes it much more effective.
Win32/Qadars uses a Man-in-the-Browser (MitB) scheme to perform financial fraud. Just like Win32/Spy.Zbot, Win32/Qadars injects itself into browser processes to hook selected APIs. Using these hooks, it is able to inject content into pages viewed by the user.
Since May 2013, Qadars infections have been spotted in a total of six countries: the Netherlands, France, Canada, India, Australia and Italy. While all these countries have been targeted, only users in the Netherlands were attacked throughout the entire 6-month period during which ESET monitored the threat.
Win32/Qadars uses a wide variety of webinjects, some with Android mobile components, to bypass online banking security and gain access to users’ bank accounts. Usually, banking Trojans either target a broad array of financial institutions or focus on a much smaller subset, usually institutions whose user base is geographically close.
It pinpoints users in specific regions and uses webinject configuration files tailored to the banks most commonly used by the victims.
It also has Android mobile components that allow the malware to bypass the two-step authentication security feature of online banking and gain access to bank accounts.
Author: Venkatesh Yalagandula