There is a new cyber threat for Android Facebook Inc. (NASDAQ:FB) users in the form of a Trojan app called Qadars. This is a new Tojan variant that introduces a JavaScript code directly into a users Facebook page when they open their browser. Qadars is especially dangerous as it incorporates a sophisticated code called iBanking that has the ability to take control of some of an Androids phones functions.
This latest way of infecting Android phones uses a method known as Webinjects and works by tricking the user into downloading and running software that can be used to perform a variety of malicious data collection activities on the user’s browser. While Webinjects are not new to Trojan malware that attacks though the web daily, iBanking takes the process a step further by not only infecting Android phones but once installed, it can read text messages. In addition, it can redirect calls and listen to what is going on in the users’ surroundings by taking over control of the microphone.
When a user is infected with Qadars, they will receive a message when logging into their Facebook telling them that Facebook is introducing a new ‘safety protection system’ in the form of a downloadable app that they must install. This app purports to be a unique authentication code generator that improves their security by replacing passwords.
In order for the user to install it, they need to provide information such as their phone number and operating system. The aim of the program is to steal security codes received via SMS effectively bypassing the two factor Facebook authentication. Qadars can then take over the Facebook accounts of SMS code protected users