contadores de paginas web Saltar al contenido

ZitMo, the version of Zeus for mobile attacks again

ZitMo, the version of Zeus for mobile attacks again

In September 2010, a variant of the Zeus banking Trojan was detected that, in addition to infecting Windows, attempted to infect users' mobile phones to obtain transfer codes that some banks send by SMS as a security measure.

With infected equipment and locally compromised bank pages, victims are asked to mobile number and model to receive a security certificate. This certificate is sent by message and is actually the Trojan that infects the device and monitors SMS to steal security codes.

The new version of the Trojan operates in the same way and affects users of Symbian and Windows Mobile. It was detected in Poland in attacks targeting clients of ING Bank and mBank:

Bank page modified by Zeus

In the mBank forum you can see the message from an infected user You cannot access your online account and see strange messages.

In those cases what you have to do is call the bank by phone and explain the situation so that they cancel or control any movement of foreign money.

Then you have to access the account to change passwords, this must be done from another secure computer or from the same using a Live-CD to completely discard the action of the installed malware. Finally, the equipment must be disinfected.

More information on Securelist and Niebezpiecznik.

See also: Zeus camouflaged in a Java application. What is ZeuS? a good read on Kaspersky.