Counterfeit Antivirus App Borrows from Zeus Trojan
Author: John Duckgeischel on June 19, 2012 - 11:17 PM
Research staff from Kaspersky Lab have discovered a mobile component of the Zeus banking malware that is being passed off as an Android security application. It is labeled Android Security Suite Premium; however, it is able to steal SMS messages and upload them to a remote server.
Upon launch, this rogue application shows an official-looking shield image that has been used by Windows-related fake antivirus programs known as FakeAV. "How could I ever forget such an identifiable logo," blogged Nathan Collier, a threat research analyst at antivirus firm Webroot. "Now that the developers of the popular FakeAV malware have entered into the mobile world, expect to see a lot more variations of this."
Maslennikov, a senior malware analyst at Kaspersky Lab, indicates that this latest mobile malware may also be a variation of Zitmo, also known as Zeus mobile. Cybercriminals have used Zitmo mobile apps working with a Zeus computer Trojan since 2010 to steal money from online bank accounts. Zitmo helps to capture mobile transaction authorization numbers (mTANs) transmitted by banks to account owners via SMS messages. Cybercriminals rely on mTANs to initiate bank transactions using stolen credentials.
Kaspersky research personnel are still determining the distribution
methodology used to spread this malware.
Security experts caution that Android users should only download apps from the official Google Play website to safeguard against bogus applications.