ZeuS trojan attacks Android
Several AV vendors report that, after targeting Symbian, BlackBerry and Windows Mobile devices, a variant of the ZeuS online banking trojan now also infects Android smartphones and will upload any TANs that arrive via SMS text message to a server. If they have control of victims' PCs as well as their smartphones, criminals are then able to bypass the mobile TAN system and make fraudulent transactions from their victims' accounts.
According to Kaspersky, the Android variant of ZeuS-in-the-Mobile (ZitMo) is more simple than the version for Symbian, which appeared in September 2010, and the Windows variant that followed. ZitMo for Android does not require any digital certificates and is injected by manual download of an alleged security extension from a company called Trusteer. Once installed, the trojan masquerades as an online banking activation app.
While this means that a variant of the ZeuS trojan now exists for most modern mobile and open platforms, there is no need for users to panic. For example, in none of the cases can the malware be injected into a device via a security hole when visiting a web page. Criminals always need to persuade users, in more or less ingenious ways, to download and install a specially crafted file onto their smartphones. Users who are certain that they won't fall for such tricks can continue to live without a virus scanner for their smartphones.
- More malware found in the Android Market, a report from The H.
- Kaspersky: Android is the new Windows, a report from The H.
- Online banking trojan attacks Windows Mobile smartphones, a report from The H.
- Banking trojan ZeuS homes in on SMS-TAN process, a report from The H.