Zitmo Trojan masquerades as security app
Posted on 19.06.2012
Zeus-in-the-mobile ("Zitmo") for Android users is back, pretending to be a security solution for the mobile operating platform.

It masquerades as "Android Security Suite Premium" and, once installed, it presents an icon of a blue shield. When launched, it shows a generated activation code:


While the victim believes itself protected from malware, the malicious app is busy collecting system information and text messages, and sending them to a remote server whose URL is encrypted and stored inside the body of the Trojan.

Kaspersky Lab researchers recently analyzed six of these malicious APK files, and each of them had a different C&C URL encoded into it.

By doing a whois search for each of them, they discovered that one has been registered with fake data that can be traced back to a number of other domains - all of which have been found in their database of ZeuS C&C domains, leading them to conclude that these new pieces of Android malware are not random information-stealing apps, but new Zitmo versions.

Given that the researchers don't say through which channels these Trojans are distributed, we can safely assume they originated from third-party Android online markets.






Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //