Banking Trojan infiltrates Android phones
“The malware poses as a banking activation application,” says Axelle Apvrille, a senior anti-virus analyst and researcher for Fortinet, in a blog post. “In the background, it listens to all incoming SMS messages and forwards them to a remote Web server.”
That's a security risk, as some banks now send mTANs - mobile transaction authentication numbers, which is banking-speak for one-time passwords for authenticating transactions - via SMS.
By intercepting these passwords, the Zeus-botnet-using criminal gang behind Zitmo can not only create fraudulent money transfers, but verify them.
The malware disguised itself as the banking security app Rapport, made by Trusteer, says Digital ID News.
Trusteer discovered the spread of the malware in late May and early June and have taken the supporting servers offline.
While mTANs are used mostly by European banks as a second layer of security, the spread of this variant shows that attackers are attempting to break into dual-factor authentication, which could pose problems for other types of mobile banking platforms.
Share