Android Mobile Operating Systems Hit By Sms Grabbing Malware

By Author: eccuni
Total Articles: 211
Comment this article

Zeus in the Mobile or Zeus Mitmo (Man-in-the-mobile) or ZitMo (Zeus-in-the-Mobile) has struck again. The information stealing Trojan aims at intercepting and extracting the mTAN or mobile transaction authentication number sent by banks to authenticate online banking transactions. The single use transaction number serves the two-factor verification process of banks. In the latest case, security researchers at Sophos and Kaspersky have identified a new version of ZitMo, which targets Android operating systems. The malware disguises itself as legitimate security software from Trusteer or Kaspersky. In the case of the former, ZitMo appears to users as Trusteer Rapport, while in the case of the later the malware appears as Mobile Security 9. When unwary users fall prey to the scam and download the fake application, they inadvertently download malware on their mobile phones. The malware displays icon of the security software, which look similar to that of legitimate security software from Trusteer or Kaspersky.

ZitMo first appeared last year, when cybercriminals Targeted Symbian operating systems in Spain. Earlier this year, ...
... ZitMo hit headlines by targeting customers of ING Bank Poland. Cybercriminals initially download a malware in the computer systems of the individuals. When customers of a bank visit a bank website, they receive a security notification seeking their mobile numbers and type of device. When customers enter the number, they receive a SMS link, which directs to a link for downloading software required for receiving the authentication numbers. However, customers actually download ZitMo malware. The counterfeit security software installs a broadcast receive for intercepting all Short Message Service (SMS) messages. The fake application encodes the extracted messages and sends them to a remote command and control server of Zeus botnets. According to security researchers at Sophos, the malware transmits the messages through HTTP POST requests. Cybercriminals then conduct fraudulent transactions on behalf of the customer. Individuals must acquaint themselves of different mobile and computer security related threats through e-tutorials and online IT courses. They can also keep themselves updated of latest threats by following security blogs of Internet security firms and advisories by Computer Emergency Response Teams.

With the latest variant, ZitMo can now target mobile devices, which use Symbian, Windows Mobile, Blackberry and Android mobile operating systems. However, security researchers have claimed that the functionality of Zitmo for Android differs from those deployed for other operating systems. As such, there is a possibility of further upgrades to the existing version of the malware for Android. Usually, attackers insert malware in computer systems and mobile devices through drive-by-downloads, malvertizing or malicious links in spam e-mails. Professionals may update themselves on latest modus operandi of cybercriminals through security certifications and online IT degree programs.

Regular evaluation of the software products through penetration testing is crucial to identify threats and improving security mechanism of the devices. Increased mobility of employees for official purposes has resulted in greater use of Smartphones and mobile applications. Cybercriminals may devise mechanisms or variants of malware to extract confidential business and personal information. Professionals qualified in IT degree programs may help organizations in understanding different security risks, identify threat vectors and take measures to improve the security practices in the organization.