Zeus-in-the-mobile variant uses security firm's name to gain victims' trust

Android users are tricked into installing a spurious "security" app.

Zitmo, or Zeus-in-the-mobile, is now using a new ploy to target Android users, researchers found.

On Monday, security firm Trusteer, an IBM company, revealed via a blog post how the company's name was used to gain the trust of victims.

According to Etay Maor, fraud prevention solutions manager at Trusteer, the malware “waits until an infected victim browses to one of the banks in the malware's target list” and enters their online banking credentials, before launching additional exploits.

After victims enter their login credentials, they're prompted to install a “Trusteer Mobile for Android” security app. If they opt to download the spurious app, they will be redirected to Trusteer's website, where additional HTML injections instruct them on how to install the software.

The install actually allows attackers to intercept messages from target banks, which aid them in carrying out fraud, Maor warned.

“The mobile malware then steals incoming SMS messages from the victim's bank – allowing the cyber criminal to gain access to the online account by bypassing the one-time password mechanism,” Maor wrote in the blog post.

Ironically enough, victims were lured into installing the “security app” in the first place so that they could secure their SMS one-time password, he said.

“While this combination of mobile and PC malware has been around for over four years, receiving its own acronym MitMO (Man-in-the-Mobile), cyber criminals continue to find new ways to persuade users to download the fake mobile app,” Maor said of the ploy.
