Browse archive

Latest news

Is it time to professionalize information security?

Microsoft decrypts Skype comms to detect malicious links

A spotlight on grid insecurity

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Hacking charge stations for electric cars

Zitmo Trojan masquerades as security app

Posted on 19.06.2012

Zeus-in-the-mobile ("Zitmo") for Android users is back, pretending to be a security solution for the mobile operating platform.

It masquerades as "Android Security Suite Premium" and, once installed, it presents an icon of a blue shield. When launched, it shows a generated activation code:

While the victim believes itself protected from malware, the malicious app is busy collecting system information and text messages, and sending them to a remote server whose URL is encrypted and stored inside the body of the Trojan.

Kaspersky Lab researchers recently analyzed six of these malicious APK files, and each of them had a different C&C URL encoded into it.

By doing a whois search for each of them, they discovered that one has been registered with fake data that can be traced back to a number of other domains - all of which have been found in their database of ZeuS C&C domains, leading them to conclude that these new pieces of Android malware are not random information-stealing apps, but new Zitmo versions.

Given that the researchers don't say through which channels these Trojans are distributed, we can safely assume they originated from third-party Android online markets.