Zitmo Trojan masquerades as security app
Posted on 19.06.2012
Zeus-in-the-mobile ("Zitmo") for Android users is back, pretending to be a security solution for the mobile operating platform.

It masquerades as "Android Security Suite Premium" and, once installed, it presents an icon of a blue shield. When launched, it shows a generated activation code.

While the victim believes they are protected from malware, the malicious app is busy collecting system information and text messages, and sending them to a remote server whose URL is encrypted and stored inside the body of the Trojan.

Kaspersky Lab researchers recently analyzed six of these malicious APK files, and each of them had a different C&C URL encoded into it.

By doing a whois search for each of them, they discovered that one had been registered with fake data that can be traced back to a number of other domains, all of which have been found in their database of ZeuS C&C domains. This led them to conclude that these new pieces of Android malware are not random information-stealing apps, but new Zitmo versions.

Given that the researchers don't say through which channels these Trojans are distributed, we can safely assume they originated from third-party Android online markets.

COPYRIGHT 1998-2014 BY HELP NET SECURITY.