Zitmo, or Zeus-in-the-mobile, is now using a new ploy to target Android users, researchers found.
On Monday, security firm Trusteer, an IBM company, revealed via a blog post how the company's name was used to gain the trust of victims.
According to Etay Maor, fraud prevention solutions manager at Trusteer, the malware “waits until an infected victim browses to one of the banks in the malware's target list” and enters their online banking credentials, before launching additional exploits.
After victims enter their login credentials, they are prompted to install a “Trusteer Mobile for Android” security app. If they opt to download the spurious app, they are redirected to Trusteer's website, where additional HTML injections walk them through installing the software.
The installed app actually lets attackers intercept messages from the targeted banks, aiding them in carrying out fraud, Maor warned.
“The mobile malware then steals incoming SMS messages from the victim's bank – allowing the cyber criminal to gain access to the online account by bypassing the one-time password mechanism,” Maor wrote in the blog post.
Ironically, victims were lured into installing the “security app” in the first place on the promise that it would secure their SMS one-time passwords, he said.
“While this combination of mobile and PC malware has been around for over four years, receiving its own acronym MitMO (Man-in-the-Mobile), cyber criminals continue to find new ways to persuade users to download the fake mobile app,” Maor said of the ploy.