Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security

July 9th, 2011, 10:55 GMT · By

Zbot Targets Android Users

SHARE:

Adjust text size:


ZeuS Android component discovered
Enlarge picture
Security researchers have identified a Zbot component designed for Android which steals mobile transaction authentication numbers send by banks via SMS.

ZeuS, aka Zbot, is one of the most popular banking trojans. Even though the original author of the malware has retired, the source code is available online for anyone to modify and fit it to their needs.

Zbot originally targeted desktop systems and stole financial information and online banking credentials which fraudsters exploited.

However, in recent years, more and more banks have introduced additional layers of security, such as two-factor authentication systems which in addition to passwords also require one-time-use codes generated with special devices.

But it's not only accounts that have been protected with this method. Some banks require each transaction request to be confirmed by inputting an unique code sent to the account owner's mobile phone.

These codes are known as mobile transaction authentication numbers (mTAN) and make it a lot harder to steal money from compromised accounts, even if attackers have full control over the victim's computer.

In order to continue stealing money ZeuS fraudsters had to find a way to capture these mTANs, and with the help of a man-in-the-mobile (mitmo) component and a little social engineering they managed to do that.

Last year security researchers began discovering ZeuS-related mobile malware created specifically to steal mTANs from phones running Symbian, Windows Mobile and BlackBerry.

However, a sample targeting Android devices has only showed up on the radar during the past couple of weeks. "Actually, it is not a new sample and has been detected under several names (Android.Trojan.SmsSpy.B, Trojan-Spy.AndroidOS.Smser.a, Andr/SMSRep-B), but it is far more scary when propagated by the ZeuS gang," says Fortinet security researcher Axelle Apvrille.

According to the security expert, the malware poses as a banking activation application, but after it's installed it intercepts all SMS messages and uploads them to a remote server. Users are advised to always check any request to install such software on their computers or mobile phones with their bank.

TELL US WHAT YOU THINK:

2,592 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


ZeuS Trojan Targets BlackBerry Devices
Man-in-the-Mobile Component Spotted in SpyEye
ZeuS Targets Two-Factor Authentication Systems Used by Polish Banks

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use