NEWS FROM THE LAB - Thursday, November 15, 2012

Berlin Police: Beware Android Banking Trojans
Posted by Sean @ 13:00 GMT

The Berlin Police Department issued a press release this past Tuesday about criminal complaints of fraudulent cash withdrawals. All of the cases involved SMS mTans and Android smartphones.

Pressemeldung #3628 (Original | Google Translate)

It sounds to us like a case of ZeuS in the Mobile (Zitmo), sometimes also called ZeuS Man in the Mobile (ZeuS Mitmo). We first wrote about Zitmo back in September 2010. An important thing to realize about Zitmo is that it isn't "mobile" malware as such. Rather, Zitmo is a companion/complement component to a Windows-based ZeuS bot. Zitmo works together with its Windows-based ZeuS bot when the bank customer uses SMS mTans as an additional layer of authentication.

To counter the mTan layer of security, ZeuS bots inject a "security notice" form into the banking session asking the customer for their phone model and number. The bad guys then send an SMS link to a so-called "security update", which is actually the Man in the Mobile component needed to circumvent the mTan.
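The defensive counterpart to that web-inject is a page-integrity check: a client (or a browser protection module) that knows which input fields the bank's genuine page contains can flag any field the server never sent, and in particular a field asking for phone details. The following is an added example, not code from this post or from F-Secure's products; the allow list of expected fields, the phone-related name hints and the two sample HTML pages are all constructed for illustration and belong to no real bank.

```python
"""Detect an injected "security notice" form on a banking page (added example).

Assumptions (constructed, not from the post): the genuine login page contains
exactly the fields in EXPECTED_LOGIN_FIELDS, and a ZeuS-style inject adds fields
that ask for the customer's phone model and number.
"""
from html.parser import HTMLParser

# Fields the genuine login page is known to contain (constructed allow list).
EXPECTED_LOGIN_FIELDS = {"username", "password", "csrf_token"}

# Name fragments typical of the mTan-bypass lure: the injected form asks for phone details.
PHONE_HINTS = ("phone", "mobile", "handy", "tel", "model", "imei")


class FormFieldCollector(HTMLParser):
    """Collect the name attribute of every <input>, <select> and <textarea> on the page."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "select", "textarea"):
            name = dict(attrs).get("name")
            if name:
                self.fields.append(name)


def collect_fields(html):
    """Return the list of named form fields in document order."""
    parser = FormFieldCollector()
    parser.feed(html)
    return parser.fields


def unexpected_fields(html, expected):
    """Fields present on the page that the genuine form does not contain."""
    return [f for f in collect_fields(html) if f not in expected]


def flag_mtan_lure(fields):
    """Subset of fields whose name suggests a phone/mTan lure."""
    return [f for f in fields if any(hint in f.lower() for hint in PHONE_HINTS)]


def check_page(html, expected=EXPECTED_LOGIN_FIELDS):
    """Classify a page as clean, containing unexpected fields, or carrying a phone lure."""
    extra = unexpected_fields(html, expected)
    lure = flag_mtan_lure(extra)
    if lure:
        verdict = "suspicious: injected phone fields"
    elif extra:
        verdict = "unexpected fields"
    else:
        verdict = "clean"
    return {"unexpected": extra, "phone_fields": lure, "verdict": verdict}


# Constructed sample: the bank's genuine login form.
GENUINE_PAGE = """
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="csrf_token" value="constructed-token">
  <input type="submit" value="Login">
</form>
"""

# Constructed sample: the same form after a web-inject added a "security notice" block.
INJECTED_PAGE = GENUINE_PAGE.replace(
    '<input type="submit"',
    '<div class="security-notice">'
    "<p>Security notice: please confirm your mobile phone to receive a security update</p>"
    '<select name="phone_model"><option>Android</option><option>Other</option></select>'
    '<input type="text" name="phone_number">'
    "</div>"
    '<input type="submit"',
)

if __name__ == "__main__":
    for label, page in (("genuine", GENUINE_PAGE), ("injected", INJECTED_PAGE)):
        print(label, check_page(page))
```

The check only works if the expected-field list comes from a trusted source (the bank's own client component or a protection product's signed profile), since a man-in-the-browser that can rewrite the page can also rewrite an allow list delivered in that same page.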

There are plenty of ZeuS bots in the wild. For example, two months ago we wrote about Gameover, the P2P version of ZeuS. There are nearly 49,000 German infections of just that one ZeuS-based botnet. Any number of those infections could become a target of Zitmo.

So what is the best defense against Zitmo? The Berlin Police Department recommends that citizens be skeptical of "security updates" claiming to come from one's bank, and that they defend their home computers.

Which includes, by the way, having an up-to-date antivirus service installed.


On a self-promotional note:

Threats such as Zitmo are just one of the reasons why we offer Internet Security + Mobile Security as a bundle.

And threats such as ZeuS are why our latest Internet Security feature is called Banking Protection, which is designed to block man-in-the-middle and form injection attacks.

All of your devices are connected, folks. Keep them safe.