Jeremy Scott | June 22, 2012
There has been some recent talk about a new mobile malware variant found in the wild. The malware has been identified as Trojan-Spy.AndroidOS.Zitmo. ZitMo stands for “Zeus-in-the-Mobile”.
ZitMo was originally designed to target Symbian smartphones, with Windows Mobile and BlackBerry following later. ZitMo for the Android operating system was first detected in July 2011. This trojan is another variant targeting Android and is distributed through SMS messages as an APK named “Android Security Suite Premium”.
The purpose of ZitMo is to target the security features of online banking services. Banks use what are called TAN codes (Transaction Authentication Number) with digital signatures as an additional authentication mechanism to authorize the transaction. In some cases, banks send TAN codes via a text message (these are called mTANs, or mobile transaction authentication numbers).
As with the PC-based ZeuS Trojan, victims are enticed to follow the link, then download and install the application. To be truly successful, ZitMo is most often used in tandem with the PC-based ZeuS Trojan, and it is managed by the same criminals. By infecting a victim’s mobile device with ZitMo, the criminals are able to bypass the last security feature of the online banking system – the mTAN code. ZitMo does this by stealing incoming SMS messages and uploading them to a remote server.
While the ZitMo campaign is not a new threat, what is most interesting is how the criminals are continuing to improve their techniques and overcome complex security features with complex threats. ZitMo by itself is nothing more than spyware that steals incoming text messages. But, when it is coupled with the PC-based ZeuS, criminals are able to bypass the online bank authentication process using stolen mTAN codes in those messages.
Fortunately, the criminals continue to use the same infrastructure to carry out the campaign. Many of the domains associated with the newest variant of ZitMo have previously been identified as ZeuS domains.