Zitmo Trojan masquerades as security app
Posted on 19.06.2012
Zeus-in-the-mobile ("Zitmo") for Android users is back, pretending to be a security solution for the mobile operating platform.

It masquerades as "Android Security Suite Premium" and, once installed, it presents an icon of a blue shield. When launched, it shows a generated activation code:


While the victim believes itself protected from malware, the malicious app is busy collecting system information and text messages, and sending them to a remote server whose URL is encrypted and stored inside the body of the Trojan.

Kaspersky Lab researchers recently analyzed six of these malicious APK files, and each of them had a different C&C URL encoded into it.

By doing a whois search for each of them, they discovered that one has been registered with fake data that can be traced back to a number of other domains - all of which have been found in their database of ZeuS C&C domains, leading them to conclude that these new pieces of Android malware are not random information-stealing apps, but new Zitmo versions.

Given that the researchers don't say through which channels these Trojans are distributed, we can safely assume they originated from third-party Android online markets.






Spotlight

How to keep your contactless payments secure

Posted on 19 September 2014.  |  Fraudsters can pickpocket a victimís financial data using low-cost electronics that can fit into a rucksack. Here are the top security threats you should be aware of if youíre using a RF-based card, along with our top safety tips to keep your payments secure.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //