Researchers have discovered a new variant of the insidious Zeus trojan that is designed to run on Google Android smartphones, security researchers have warned.
The malicious program is a new version of Zitmo, a mobile trojan application first discovered last year that stands for “Zeus in the mobile,” Derek Manky, a senior security strategist at network security firm Fortinet’s FortiGuard Labs, told SCMagazineUS.com on Tuesday.
It is designed to steal mobile transaction authentication numbers (mTANs), or one-time passwords that some banks, mostly in Europe, send via SMS message to mobile users as an additional layer of security.
The malware poses as a legitimate banking security application called Rapport, which is made by web security firm Trusteer. Once installed, the bogus app intercepts all incoming SMS messages and forwards them to a remote server.
Mickey Boodaei, CEO of Trusteer, told SCMagazineUS.com on Tuesday that Zitmo’s masterminds leveraged his company’s name to gain users’ trust. The program spread for four to five days during late May and early June, but the servers supporting the operation were taken offline more than a month ago.
The Zitmo variant for Android worked in conjunction with Zeus version 188.8.131.52, Boodaei said. Once a user’s PC was infected with Zeus, the malware tried to trick them into downloading Zitmo on their smartphone.
The Zitmo family of malware has also previously targeted Symbian, BlackBerry and Windows Mobile phones, Boodaei said.
Zitmo is the first malicious mobile application designed to work in combination with a Windows trojan.