The ESET Canada malware research lab has recently analyzed a very active banking Trojan dubbed Qadars, which targets users especially in the Netherlands (75% of detected infections; other targets include France, Italy, Canada, India and Australia). Qadars uses a wide variety of webinjects, some with Android mobile components that are capable of bypassing the two-factor authentication systems of online banking to gain access to a user’s bank account. The Trojan pinpoints users in specific regions and uses webinject configuration files tailored to the banks most commonly used by the victims, which makes it much more effective. ESET has observed the malware for the last six months and can confirm that it is being continuously updated.
Detected as Win32/Qadars, the malware uses a Man-in-the-Browser scheme to perform financial fraud. It injects itself into browser processes (Firefox or Internet Explorer) and can then insert content into pages viewed by the user. Some of the webinjects are very sophisticated: they can perform transactions automatically and bypass the two-factor authentication systems implemented by banks.
“This content can be anything, but is usually a form intended to harvest user credentials or JavaScript designed to attempt automatic money transfers without the user’s knowledge or consent,” says Jean-Ian Boutin, researcher at ESET lab in Montreal, Canada.
“Qadars webinject configuration file changes frequently and targets specific institutions. To maximize their success with these webinjects, the malware authors try to infect users in specific regions of the world,” adds Jean-Ian Boutin.
A more detailed analysis of this malware is available in the blog post “Qadars – A Banking Trojan with Netherlands in its sight” at WeLiveSecurity.com, ESET’s news platform with the latest information and analysis on cyber threats and useful security tips.
About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company has continued to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin “VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organizations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world. The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore, and offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada) and Moscow (Russia), and an extensive partner network for more than 180 countries. More information is available via About ESET and Press Center.