A Trojan that has been on the market for close to three years and is believed to have been built by Russian cybercriminals is now targeting most UK banks. The Trojan's name is Qadars, and it is believed to have been around since 2013.
According to research data, the Trojan seems to have been targeting banks in different regions at any given time. The malware started by attacking France and the Netherlands back in 2013 and 2014 respectively. It then moved on to Australian banks, and then to Canada, the United States and the Netherlands again in 2015 and 2016.
Cyber security researchers at IBM X-Force Research have now noticed a fresh version of the malware and what seems to be a new infection campaign under way. These are the same researchers who discovered the malware attacks targeting Brazilian banks before the start of the Olympics.
The new campaign that the group discovered seems to be targeting 18 banks, all located in the UK. The banks were not named for security reasons. The malware also seems to be attacking German, Polish and Dutch banking institutions.
This is the second time UK banks have been targeted by malware recently, after the Dridex malware campaign, and it will mark the third time that the Netherlands has been affected by the same malware.
Historically, the Qadars Trojan has infected victims using exploit kits on compromised hosts. It also attacks domains which may exist for the sole purpose of serving malware. The malware is thought to employ botnets, making use of downloader-type malware to infect victims.
It is believed the malware makes use of social engineering to help it take control of systems and carry out full-scale theft of data. It is also, chillingly, able to monitor user activity and hijack text messages received on the victim's phone.
Qadars has also been known to target Facebook users, online sports betting systems, e-commerce and many more. The malware's latest version was believed to be Qadars v3, which is said to have been available until May this year. After that, the authors released patches and updates to the malware, code which the IBM X-Force researchers say is written in Russian and all comes from one single source. The continual exploitation of the malware shows that the people behind it are highly organised.