Kaspersky researcher Denis Maslennikov reports that the security firm recently came across a new version of the Zeus malware disguised as a mobile security app called "Android Security Suite Premium."
"All totaled, there are at least six files that pretend to be 'Android Security Suite Premium,' but in actuality steal incoming SMS messages, the researcher said," writes eWeek's Brian Prince. "The point of stealing incoming SMS messages is to swipe the victim's mobile transaction authentication number (mTAN), which is used by banks to authenticate online bank transactions. When a device is infected, the SMS messages are uploaded to a remote server."
"Kaspersky Lab researchers recently analyzed six of these malicious APK files, and each of them had a different C&C URL encoded into it," writes Help Net Security's Zeljka Zorz. "By doing a whois search for each of them, they discovered that one has been registered with fake data that can be traced back to a number of other domains - all of which have been found in their database of ZeuS C&C domains, leading them to conclude that these new pieces of Android malware are not random information-stealing apps, but new ZitMo versions."
"Mobile versions of Zeus, also called ZitMo, or Zeus in the Mobile, have been around for a couple of years now, and attackers have been successful in disguising the malware in various ways," writes Threatpost's Dennis Fisher. "The new version for Android shows that the Zeus attackers are not slowing down in their efforts to continue to get their malware on users' devices."