Zitmo malware adapted to steal financial data from Android users
By siliconindia   |   Friday, 15 July 2011, 00:52 IST
Printer Print Email Email
Bangalore: Zitmo, the Trojan spyware application designed to hack people's financial data is now altered to target the Android mobile's OS. The malware can listen to all incoming SMS messages in the Android Smartphone which is forwarded to a remote web server. This is a great security risk as few banks send mTANs (mobile transaction authentication numbers) which is banking speak for one time passwords for the confirmation of transactions. Interception of these passwords can not only create fraudulent money transfers but can also verify them. The Zitmo can make Android Smartphone users' life miserable as this poses a banking activation application. The attack is naive as the malicious Smartphone application gets shot of by malware after infecting the PC but unless the user browses through the banking website, it is not possible. When the malware shoots in and asks the user to download the verification or security element against their cell phone device to complete the login process which makes the user to assume that it would be a message from the bank while it is from the malware. Once the user installs the malware, it will favor the fraudsters to control both the PC and phone. Another problem that would crop up is that the attackers will find no vulnerabilities in the mobile device which would allow them to install the malicious applications. The windows PCs today are prone to such issues and would accomplish by prevalent fraudster techniques to compromise a website. The exploit kit will be installed which would infect all the PCs that has visited the website and installed the malware. This problem not only affects the android phones, the zero-day PDF vulnerability also targets the iPhone, iPad and other iOS to be used to jailbreak device but as well as for the malware installation.

Digital Supply Chain Transformation – Winning the AI/ML Way