The malicious element is designed to steal SMS messages and system information

Jun 19, 2012 09:46 GMT

Android users who are looking for a good security application should beware of this latest threat, which masquerades as an app called Android Security Suite Premium.

Kaspersky experts have analyzed it and found that it hides a piece of malware identified as Trojan-Spy.AndroidOS.Zitmo.a, a new mobile variant of ZeuS.

The malicious element is designed to steal SMS messages and upload them to a domain that’s hardcoded into the Trojan’s body. This way, the malware’s masterminds can gain access to all sorts of information the victim receives on his/her phone via SMS, including verification codes and password reset links.

The malware can steal system information, but it can also enable, disable, or uninstall itself if the cybercriminals command it to do so.

After analyzing the command and control (C&C) servers, the researchers have noticed that they’re somehow connected to domains that show up in their ZeuS C&C database.

Back in 2011, cybercriminals who used ZeuS utilized the same fake data to register C&C domains.

“So, there is a new piece of Android malware which steals incoming SMS messages and uploads them to the remote server,” Denis Maslennikov, a Kaspersky Lab expert, explained.

“One of the remote server domains was registered using the same fake data which was used for registering ZeuS C&Cs back in 2011. And the malware’s functionality is almost the same as in old ZitMo samples. Therefore ‘Android Security Suite Premium’ = New ZitMo.”

In order to protect yourself against such threats, we advise you to refrain from installing shady applications, especially if they come from untrusted sources. Security apps for Android phones are highly recommended, but make sure to download them only from the vendor’s website or from verified software markets.
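
For readers who triage apps before installing them, the SMS-forwarding behavior described above leaves traces in an app's manifest. The following is an added example, not code from Kaspersky or from the malware: it assumes the APK's AndroidManifest.xml has already been decoded to text XML, and the sample manifest and its package name are constructed for illustration, not taken from the analyzed sample.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: decoded manifest of a hypothetical app (not the real sample).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.securitysuite">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Security Suite">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return findings that indicate an app can intercept and forward SMS."""
    root = ET.fromstring(xml_text.strip())
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # Collect (receiver name, priority) for receivers listening for incoming SMS.
    receivers = []
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            if SMS_ACTION in actions:
                prio = int(flt.get(ANDROID + "priority", "0"))
                receivers.append((rcv.get(ANDROID + "name"), prio))
    findings = []
    if "android.permission.RECEIVE_SMS" in perms and receivers:
        names = ", ".join(name for name, _ in receivers)
        findings.append("receives incoming SMS via " + names)
        if "android.permission.INTERNET" in perms:
            findings.append("can send received SMS off-device (INTERNET)")
        if any(prio > 0 for _, prio in receivers):
            findings.append("SMS receiver priority raised above the default (0)")
    if "android.permission.READ_PHONE_STATE" in perms:
        findings.append("can read phone state and identifiers (READ_PHONE_STATE)")
    return findings


if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print("[!]", finding)
```

Legitimate messaging apps request the same permissions, so these findings are a reason to look closer at an app that claims to be a security suite, not a verdict on their own.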