Zitmo Trojan masquerades as security app
Posted on 19.06.2012
Zeus-in-the-mobile ("Zitmo") for Android users is back, pretending to be a security solution for the mobile operating platform.

It masquerades as "Android Security Suite Premium" and, once installed, it presents an icon of a blue shield. When launched, it shows a generated activation code:


While the victim believes itself protected from malware, the malicious app is busy collecting system information and text messages, and sending them to a remote server whose URL is encrypted and stored inside the body of the Trojan.

Kaspersky Lab researchers recently analyzed six of these malicious APK files, and each of them had a different C&C URL encoded into it.

By doing a whois search for each of them, they discovered that one has been registered with fake data that can be traced back to a number of other domains - all of which have been found in their database of ZeuS C&C domains, leading them to conclude that these new pieces of Android malware are not random information-stealing apps, but new Zitmo versions.

Given that the researchers don't say through which channels these Trojans are distributed, we can safely assume they originated from third-party Android online markets.






Spotlight

Proactive real-time security intelligence: Moving beyond conventional SIEM

Discussions about security intelligence still focus primarily around conventional reactive SIEM. Security pros need to move from this reactive model to proactively using this security intelligence to protect their businesses.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Aug 31st
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //