Qadars Trojan targets 18 UK banks

British financial institutions in firing line of cybercriminals

Online banking details

Cybercriminals are targeting British banks with the Qadars Trojan, according to security researchers.

Researchers from IBM's X-Force Research said that hackers have been updating the malware's defences and tailoring its configurations to target 18 banks in the UK. The researchers found that Qadars campaigns launched in early September 2016 and mainly targeted banks in the Netherlands, US and Germany.

Advertisement - Article continues below

They said that the gang behind the malware have been engaged in bouts of online banking fraud attacks since 2013, with a focus on Europe.

As well as banks, the gang has also been after social networking credentials, online sports betting users, e-commerce platforms, payments and card services, among others.

The Qadars Trojan can insert itself into a browser to monitor and manipulate user activity, as well as fetch web injections in real time from a remote server. They can also supplement fraud scenarios with an SMS hijacking app and orchestrate the full scope of fraudulent data theft and transaction operation through an automated transfer system (ATS) panel, which is a remote, web-based platform that Trojans access on the fly.

The ATS panel contains transaction automation scripts, web injections, pre-programmed transaction flow and parameters, transfer thresholds and mule account numbers on which the malware relies to complete illicit online transactions.

Advertisement - Article continues below
Advertisement - Article continues below

To steal two-factor authentication (2FA) codes from a user whose bank requires an out-of-band element, Qadars' operators deployed the Perkele (iBanking) mobile bot as the malicious mobile component. In this case, Qadars even added the theft of codes from mobile devices to the ATS transaction orchestration flow.

The latest version of the malware surfaced in the first quarter of this year.

"Qadars v3 is continuously evolving. Yet another updated release in late August 2016 offered a new Qadars build with some code updates designed to evade detection, layer anti-research features, and improve the performance and readability of the malware's webinjection mechanisms," said Limor Kessem, executive security advisor at IBM.

She said that while the malware is not one of the top ten financial malware threats on the global list, however, this Trojan has been flying under the radar for over three years, attacking banks in different regions using advanced features and capabilities.

Advertisement - Article continues below

"It's possible that Qadars attack volumes remain limited because its operators choose to focus on specific countries in each of their infection sprees, likely to keep their operation focused and less visible," she said.

Mark James, security specialist at ESET, told IT Pro that as the UK has established financial headquarters it would stand to reason that malware designed to hit banking organisations will try and infect as many here as possible.

"The trouble with the internet is it has no real boundaries, so countries from a malware point of view just blend into one big attack vector," he said.

"The instant reward from the financial segment will continue to make this industry a desirable target and the UK will continue to be near the top of that list," he added. 

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now



Evasive malware threats doubled in 2019

24 Mar 2020

10 quick tips to identifying phishing emails

16 Mar 2020
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020

Best free malware removal tools 2019

2 Mar 2020

Most Popular

Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020
Microsoft Windows

Microsoft puts Windows development on lockdown

25 Mar 2020
data breaches

General Electric employees hit by Canon data breach

24 Mar 2020
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020