A number of individuals reported fraudulent cash withdrawals in the past weeks

Nov 16, 2012 10:55 GMT

Germany's Berlin Police Department has issued a warning after numerous bank customers reported fraudulent cash withdrawals. All the victims own Android smartphones, and they all rely on mTANs (mobile transaction authentication numbers) when performing banking transactions.

F-Secure experts reveal that the malware involved in these incidents is most likely the mobile version of ZeuS, also known as ZeuS-in-the-Mobile or Zitmo.

Zitmo is a piece of malware that’s useless on its own, but it works like a charm when it complements the Windows version of ZeuS.

Basically, when users whose computers are infected with ZeuS visit a bank website, the malware injects a security notice that’s designed to trick victims into handing over their phone models, phone numbers, and other sensitive data.

The information provided by the victim would be enough for the attackers if banks didn’t use mTAN as a second security layer. The mTAN is sent via SMS to customers when they perform online transactions, and without the code the crooks can’t do anything.

This is where Zitmo steps in. It steals the code from the phone and forwards it to its masters. This allows the crooks to have access to the mTAN any time they want and perform illegal transactions.

The worst part about these attacks is that once the money is lost, it’s gone for good because chargebacks are not possible.

That’s why the Berlin Police Department recommends that bank customers be careful if they’re urged to perform security updates. They should call the financial institution to check if the update is legitimate.

Users are also advised to install an antivirus and a firewall to protect their computers against such threats. In most cases, a decent security solution is capable of detecting ZeuS and any information theft attempts.