Kaspersky Lab warns users about ZitMo (Zeus-in-the-Mobile), a smartphone version of the Zeus Trojan that intercepts the text messages banks send to customers so that they can authorize online banking transactions.
The mTAN (Mobile Transaction Authorization Number) system was, until recently, one of the most secure mechanisms for authorizing online banking operations. ZitMo, first identified in September 2010, was created by cybercriminals to steal the mTAN codes that banks send via SMS.
“First, it should be noted that it is a trojan that affects several mobile operating platforms – Symbian, Windows Mobile, Blackberry and Android,” said Denis Maslennikov, Senior Malware Analyst at Kaspersky Lab. “ZitMo has a simple and well-defined role, which is to intercept and send cybercriminals text messages containing mTAN codes. People who come into possession of these codes can perform financial transactions using the bank accounts of victims. The thing that really makes it interesting is the link ZitMo has with Zeus, because these two Trojans are working together – Zeus on the infected PC and ZitMo on the smartphone,” Maslennikov added.
Here’s how such a cyber attack occurs:
• Criminals use a PC infected with Zeus to steal the account data needed to access the victim’s online banking account, as well as the victim’s telephone number
• The victim’s smartphone receives a text message sent by the criminals in the bank’s name, asking the victim to install a security certificate or some other software update needed for bank transactions. In either case, the link in the message leads to installation of the mobile version of the Zeus Trojan on the phone
• If the victim installs ZitMo, it infects the device; the hacker can then use the data stolen from the computer to try to initiate bank transfers and now needs only the mTAN code
• The bank sends the customer an SMS containing the mTAN code
• ZitMo intercepts the SMS and sends it to the cybercriminal, who can now authorize the transaction.
Kaspersky Lab experts warn users that malicious programs with similar functionality will continue to appear in the future. Smartphone owners are advised to follow a number of rules in order to avoid becoming victims of cybercriminals:
• be very careful about the permissions requested when installing applications on the phone
• do not “jailbreak” the smartphone
• avoid, where possible, installing applications from unknown or unofficial sources. For example, users who install applications from sources other than Android Market must ensure that the source is known and reputable
• do not open links received via SMS
• install an antivirus program on the smartphone and keep it regularly updated
• install all security updates as soon as they are available.
