Fortinet Blog | News and Threat Research
  • Products
  • Solutions
  • Service & Support
  • Partners
  • Corporate
  • Resources
  • How to Buy

Zitmo hits Android

by RSS Axelle Apvrille  |  July 08, 2011  |  Category: Security Research

Zitmo has been used by the ZeuS gang to defeat SMS-based banking two-factor authentication on Symbian, BlackBerry and Windows Mobile for a several months (see my ShmooCon slides).

Lately, there’s been an active discussion on technical forums regarding ZeuS targetting Android users. We finally managed to get our hands on the mobile sample the ZeuS PC trojans are propagating. Actually, it is not a new sample and has been detected under several names (Android.Trojan.SmsSpy.B, Trojan-Spy.AndroidOS.Smser.a, Andr/SMSRep-B), but it is far more scary when propagated by the ZeuS gang.

The malware poses as a banking activation application:

Zitmo trojan spyware for Android

In the background, it listens to all incoming SMS messages and forwards them to a remote web server. It’s simple, but just enough for the ZeuS gang to grab your banking mTANs…

Wireshark capture of Zitmo forwarding an incoming SMS (on the infected phone) to a remote web server

We’ll keep you posted on this one.

– the Crypto Girl

PS. F-Secure, s21sec and Kaspersky contributed to finding this sample. Thanks for their cooperation.

by RSS Axelle Apvrille  |  July 08, 2011  |  Category: Security Research
Tags: android bank Malware mobile spyware trojan zitmo
comments powered by Disqus

Category

  • All
  • RSS Subscribe
  • Security Research
  • RSS Subscribe
  • Industry Trends & News
  • RSS Subscribe

FortiGuard Labs on the Web

  • Twitter Twitter
  • Facebook Facebook
  • LinkedIn LinkedIn
  • Youtube Youtube

Monthly Archives

  • May 2013 7
  • April 2013 17
  • March 2013 12
  • February 2013 11
  • January 2013 12
  • December 2012 8
  • November 2012 7
  • October 2012 4
  • September 2012 7
  • August 2012 7
  • July 2012 9
  • June 2012 17
  • May 2012 14
  • April 2012 16
  • March 2012 15
  • February 2012 11
  • January 2012 6
  • December 2011 4
  • November 2011 6
  • October 2011 11
  • September 2011 2
  • August 2011 2
  • July 2011 4
  • June 2011 6
  • May 2011 6
  • April 2011 5
  • March 2011 7
  • February 2011 5
  • January 2011 7
  • December 2010 8
  • November 2010 11
  • October 2010 3
  • September 2010 8
  • August 2010 4
  • July 2010 9
  • June 2010 9
  • May 2010 9
  • April 2010 6
  • March 2010 8
  • February 2010 6
  • January 2010 9
  • December 2009 8
  • November 2009 6
  • October 2009 6
  • September 2009 8
  • August 2009 5
  • July 2009 8
  • June 2009 7
  • May 2009 4
  • April 2009 7
  • March 2009 9
  • February 2009 4
  • January 2009 1
  • Older

Popular topics

Cryptography hashdays network security Mobile Security google mobile FortiGate trojan hacking challenge adobe Windows zitmo Mac OS X Threat Landscape mobile phone bredolab symbian mobile phones android derek manky Antivirus iphone conference privacy challenge SpyEye Security reverse engineering virut apple Fortinet symbianos Zeus Anti-Spam Firewall botnet Malware facebook Anonymous sms microsoft reversing UTM Research stuxnet exploit mobile malware symbos/yxes webinar BYOD