Much like Ninja Turtles, DroidKungFu now comes in different flavours (5 so far), discovered by Pr. Xuxian Jiang (and research team) and Lookout. If, like me, you are having difficulties keeping track of those variants, this post is for you :) The similarities and differences between all 5 variants are depicted below. The various blocks [...]
by Axelle Apvrille | October 26, 2011 at 8:27 am
Yes, you have probably heard the news: a new variant of Spitmo – Zitmo/ZeuS’s counterpart for SpyEye, which previously targeted Symbian phones only – has recently been spotted on Android. The scenario is the same as before: a victim, browsing on a PC infected with SpyEye, logs in to her bank’s website. SpyEye injects forms and [...]
by Axelle Apvrille | September 16, 2011 at 7:12 am
This is a short update to our prior post concerning Zitmo on Android. Is this really Zitmo? This fake Trusteer malware shows several differences with prior Symbian variants, but, for simplicity (and because it’s easy to remember), we call it Zitmo. This does not mean this variant was written by the same authors (no proof [...]
by Axelle Apvrille | July 18, 2011 at 10:47 am
Zitmo has been used by the ZeuS gang to defeat SMS-based banking two-factor authentication on Symbian, BlackBerry and Windows Mobile for several months (see my ShmooCon slides). Lately, there’s been an active discussion on technical forums regarding ZeuS targeting Android users. We finally managed to get our hands on the mobile sample the ZeuS [...]
by Axelle Apvrille | July 8, 2011 at 7:47 am
Mark Balanza has spotted a new Android malware, Android/CruseWin.A!tr, which acts as an SMS relay. The malicious application is in contact with a remote C&C from which it gets an XML configuration file which contains the commands the C&C wishes the bot to perform. In particular, the XML send tag makes the infected mobile phone [...]
by Axelle Apvrille | July 4, 2011 at 12:50 am