Qadars Trojan targets 18 UK banks

British financial institutions in firing line of cybercriminals


Cybercriminals are targeting British banks with the Qadars Trojan, according to security researchers.

Researchers from IBM's X-Force Research said that hackers have been updating the malware's defences and tailoring its configurations to target 18 banks in the UK. The researchers found that Qadars campaigns launched in early September 2016 and mainly targeted banks in the Netherlands, US and Germany.

They said that the gang behind the malware have been engaged in bouts of online banking fraud attacks since 2013, with a focus on Europe.

As well as banks, the gang has also been after social networking credentials, online sports betting users, e-commerce platforms, payments and card services, among others.


The Qadars Trojan can insert itself into a browser to monitor and manipulate user activity, as well as fetch web injections in real time from a remote server. It can also supplement fraud scenarios with an SMS hijacking app and orchestrate the full scope of fraudulent data theft and transaction operations through an automated transfer system (ATS) panel, which is a remote, web-based platform that Trojans access on the fly.

The ATS panel contains transaction automation scripts, web injections, pre-programmed transaction flow and parameters, transfer thresholds and mule account numbers on which the malware relies to complete illicit online transactions.

To steal two-factor authentication (2FA) codes from a user whose bank requires an out-of-band element, Qadars' operators deployed the Perkele (iBanking) mobile bot as the malicious mobile component. In this case, Qadars even added the theft of codes from mobile devices to the ATS transaction orchestration flow.

The latest version of the malware surfaced in the first quarter of this year.

"Qadars v3 is continuously evolving. Yet another updated release in late August 2016 offered a new Qadars build with some code updates designed to evade detection, layer anti-research features, and improve the performance and readability of the malware's webinjection mechanisms," said Limor Kessem, executive security advisor at IBM.

She said that while the malware is not one of the top ten financial malware threats on the global list, the Trojan has been flying under the radar for over three years, attacking banks in different regions using advanced features and capabilities.

"It's possible that Qadars attack volumes remain limited because its operators choose to focus on specific countries in each of their infection sprees, likely to keep their operation focused and less visible," she said.

Mark James, security specialist at ESET, told IT Pro that as the UK has established financial headquarters it would stand to reason that malware designed to hit banking organisations will try and infect as many here as possible.

"The trouble with the internet is it has no real boundaries, so countries from a malware point of view just blend into one big attack vector," he said.

"The instant reward from the financial segment will continue to make this industry a desirable target and the UK will continue to be near the top of that list," he added. 
