Zeus-in-the-mobile variant uses security firm's name to gain victims' trust

Android users are tricked into installing a spurious "security" app.

Zitmo, or Zeus-in-the-mobile, is now using a new ploy to target Android users, researchers found.

On Monday, security firm Trusteer, an IBM company, revealed via a blog post how the company's name was used to gain the trust of victims.

According to Etay Maor, fraud prevention solutions manager at Trusteer, the malware “waits until an infected victim browses to one of the banks in the malware's target list” and enters their online banking credentials, before launching additional exploits.

After victims enter their login credentials, they're prompted to install a “Trusteer Mobile for Android” security app. If they opt to download the spurious app, they will be redirected to Trusteer's website, where additional HTML injections instruct them on how to install the software.

The install actually allows attackers to intercept messages from target banks, which aid them in carrying out fraud, Maor warned.

“The mobile malware then steals incoming SMS messages from the victim's bank – allowing the cyber criminal to gain access to the online account by bypassing the one-time password mechanism,” Maor wrote in the blog post.

Ironically enough, victims were lured into installing the “security app” in the first place so that they could secure their SMS one-time password, he said.

“While this combination of mobile and PC malware has been around for over four years, receiving its own acronym MitMO (Man-in-the-Mobile), cyber criminals continue to find new ways to persuade users to download the fake mobile app,” Maor said of the ploy.
