The threat uses web injects and Android modules to steal sensitive information

Dec 18, 2013 13:49 GMT  ·  By

In early October, researchers from LEXSI revealed the existence of a new banking Trojan called Win32/Qadars. ESET has been monitoring the threat and has found that it mainly targets users from the Netherlands.

Similarly to other banking Trojans, Qadars uses web injects and Android mobile components in order to bypass security measures and trick unsuspecting internauts into handing over their online banking information.

Since mid-May 2013, Qadars infections have been spotted in a total of six countries: the Netherlands, France, Canada, India, Australia and Italy. While all these countries have been targeted, only users in the Netherlands had been attacked throughout the entire 6-month period in which ESET monitored the threat.

Researchers say that the Trojan is still very active and its creators continue to update it. It’s worth noting that some of the web injects used by Qadars have been utilized by another banking Trojan in an unrelated campaign.

For additional technical details, you can check out ESET’s We Live Security blog.